Troj/Crater-A

Category: Viruses and Spyware Protection available since:25 Nov 2003 00:00:00 (GMT)
Type: Trojan Last Updated:25 Nov 2003 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Crater-A is a backdoor Trojan which makes use of a FTP server program to provide unauthorised access to the computer from a remote network location.

When the Trojan is run it creates the folder
C:\<Windows folder>\system32\tcp%ip.[00021401-0000-0000-c000-000000000046] and drops the following files there:

agt0c1a.dll
agt0c1b.dll
agt0c1c.dll
c_951.nls
c_952.nls
clearlogs.exe
crc.exe
fport.exe
instsrv.exe
msdxm32.ocx
msidtc.dll
msiloader.dll
netlib.exe
netlib.ini
netlib.reg
regini.exe
service.exe
start.cmd

These files are utilities used by the Trojan, configuration files used by those utilities and an FTP server program.

Troj/Crater-A installs the FTP server, which allows a remote intruder to connect to the computer to upload and download files. The FTP server program creates numerous entries under the following registry entry:

HKLM\SYSTEM\CurrentControlSet\Services\Netlib

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy