Troj/HacDef-DR

Category: Viruses and Spyware
Protection available since: 29 Dec 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 09 Jan 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/HacDef-DR is a backdoor Trojan for the Windows platform.

Troj/HacDef-DR contains functionality to hide information about the infected computer.

The Trojan reads configuration data from an INI file with the same basename as the Trojan filename. This file is also detected as Troj/HacDef-DR.

Troj/HacDef-DR may create the file <System>\hxdefdrv.sys, which is also detected as Troj/HacDef-DR.

The file hxdefdrv.sys is registered as a system driver service named "winntbaken", with a display name of "ROME ROTYUS" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\winntbaken\

Troj/HacDef-DR may copy itself to the file <System>\r_server.exe. The following registry entry may be set to run the Trojan copy on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
r_server
<System>\r_server.exe
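
One way to check a host for the artefacts listed above, as an added example that is not part of the original description and is not Sophos code. It assumes <System> means %SystemRoot%\System32, and the function name and parameters are hypothetical; because the Trojan hides information about the infected computer, the parameters also let the check run against an offline hive and a mounted volume.

```powershell
# Added example: look for the Troj/HacDef-DR artefacts named in this description.
# Assumption: "<System>" on the page is the Windows system folder (%SystemRoot%\System32).
function Find-HacDefDRArtefact {
    param(
        # For an offline SYSTEM hive loaded with 'reg load', pass its ControlSet00x key;
        # CurrentControlSet only exists on a running system.
        [string]$ControlSet   = 'HKLM:\SYSTEM\CurrentControlSet',
        [string]$SoftwareHive = 'HKLM:\SOFTWARE',
        [string]$SystemDir    = (Join-Path $env:SystemRoot 'System32')
    )
    $hits = @()

    # 1. Driver service "winntbaken" (display name "ROME ROTYUS"; Start = 2 means automatic).
    $svcKey = "$ControlSet\Services\winntbaken"
    if (Test-Path -LiteralPath $svcKey) {
        $svc = Get-ItemProperty -LiteralPath $svcKey
        $hits += [pscustomobject]@{
            Artefact = 'Service key'
            Location = $svcKey
            Detail   = "DisplayName='$($svc.DisplayName)' Start=$($svc.Start) ImagePath='$($svc.ImagePath)'"
        }
    }

    # 2. Run value "r_server" pointing at <System>\r_server.exe.
    $runKey = "$SoftwareHive\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'r_server' -ErrorAction SilentlyContinue
    if ($run) {
        $hits += [pscustomobject]@{ Artefact = 'Run value'; Location = "$runKey\r_server"; Detail = $run.r_server }
    }

    # 3. Files in the system folder; record a hash for comparison with scanner results.
    foreach ($name in 'hxdefdrv.sys', 'r_server.exe') {
        $file = Join-Path $SystemDir $name
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $sha = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            $hits += [pscustomobject]@{ Artefact = 'File'; Location = $file; Detail = "SHA256=$sha" }
        }
    }
    return $hits
}

Find-HacDefDRArtefact | Format-List
```

A file or value name match is a lead to confirm with a scanner, and an empty result from the running system does not rule out infection.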
