Troj/Cimuz-CD

Category: Viruses and Spyware
Protection available since: 11 Apr 2007 00:00:00 (GMT)
Type: Trojan
Last Updated: 11 Apr 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Cimuz-CD is a backdoor Trojan for the Windows platform.

Troj/Cimuz-CD includes functionality to access the internet and communicate with a remote server.

Troj/Cimuz-CD attempts to turn off anti-virus applications.

When first run, Troj/Cimuz-CD copies itself to <System>\mstsdsc.exe and creates the following registry entry to run on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mstsdsc.exe
<System>\mstsdsc.exe

Troj/Cimuz-CD creates the following files:
<System>\sporder.dll
<System>\tmwsock.dll

The file sporder.dll is a Windows networking library and is not inherently malicious. The file tmwsock.dll is also detected as Troj/Cimuz-CD.

The following registry entry is set to allow Troj/Cimuz-CD to bypass the Windows firewall:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
<System>\mstsdsc.exe
<System>\mstsdsc.exe:*:Enabled:mstsdsc
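The two registry changes described above can be cross-checked on a host: an executable that is both started from the Run key and holds an enabled AuthorizedApplications exception matches this Trojan's pattern, and the check generalises to any file name. The following is an added example, not Sophos code; the function names are hypothetical and the sample values are constructed. It assumes the scope and name fields of the firewall value contain no colon.

```python
import ntpath
import re

# Constructed sample data (value name -> data), not taken from a real host.
# C:\Windows\System32 stands in for the <System> placeholder in the write-up.
SAMPLE_RUN = {
    "mstsdsc.exe": r"C:\Windows\System32\mstsdsc.exe",
    "ExampleTray": r'"C:\Program Files\Example\tray.exe" -min',
}
SAMPLE_FIREWALL = {
    r"C:\Windows\System32\mstsdsc.exe": r"C:\Windows\System32\mstsdsc.exe:*:Enabled:mstsdsc",
    r"C:\Tools\sync.exe": r"C:\Tools\sync.exe:LocalSubNet:Disabled:sync",
}

def parse_authorized_app(data):
    """Split 'path:scope:status:name'; the path holds a drive colon, so split from the right."""
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        return None
    path, scope, status, name = parts
    return {"path": path, "scope": scope, "enabled": status.lower() == "enabled", "name": name}

def exe_path(command):
    """Reduce a Run-key command line to a normalised executable path (no arguments)."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b|(\S+)', command.strip(), re.IGNORECASE)
    if not m:
        return ""
    path = next(g for g in m.groups() if g)
    return ntpath.normcase(ntpath.expandvars(path))

def autostart_with_firewall_exception(run_values, firewall_values):
    """Return executables that start at boot and also hold an enabled firewall exception."""
    autostart = {exe_path(cmd): name for name, cmd in run_values.items()}
    hits = []
    for data in firewall_values.values():
        entry = parse_authorized_app(data)
        if entry and entry["enabled"] and exe_path(entry["path"]) in autostart:
            hits.append({"path": entry["path"], "scope": entry["scope"],
                         "rule_name": entry["name"],
                         "run_value": autostart[exe_path(entry["path"])]})
    return hits

def read_values(subkey):
    """Read value name -> data under HKLM on a live Windows host (winreg is Windows-only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
        count = winreg.QueryInfoKey(key)[1]
        return {n: str(d) for n, d, _ in (winreg.EnumValue(key, i) for i in range(count))}
```

On a Windows host, pass the results of `read_values` for the two keys listed above in place of the sample dictionaries. A hit is a lead for review, since legitimate software can also appear in both places.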
