Troj/Haxdoor-DI

Category: Viruses and Spyware
Type: Trojan
Protection available since: 19 Oct 2006 00:00:00 (GMT)
Last Updated: 19 Oct 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/Haxdoor-DI is a backdoor Trojan for the Windows platform.

Troj/Haxdoor-DI includes functionality to:

- stealth its files, processes and registry entries
- inject its code into other processes

Sophos's anti-virus products include Behavioral Genotype™ Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against Troj/Haxdoor-DI (detected as Mal/Packer) since version 4.10.

When Troj/Haxdoor-DI is installed the following files are created:

<System>\arprmdg0.dll
<System>\arprmdg5.sys
<System>\ksl48.bin

The following registry entries are created to run code exported by arprmdg0.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arprmdg0
DllName
arprmdg0.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arprmdg0
Startup
arprmdg0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arprmdg0
Impersonate
1
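
A triage check for the Winlogon Notify entries listed above, added here as an example and not taken from Sophos's analysis. It assumes a `.reg` text export of the SOFTWARE hive taken from an offline copy of the disk (the page notes the Trojan stealths its registry entries); the mount name `OFFLINE_SW`, the package `examplepkg` and the `dword` type of `Impersonate` are constructed for the sample.

```python
import re

# Indicators taken from the page above.
IOC_SUBKEY = "arprmdg0"
IOC_DLL = "arprmdg0.dll"

# Matches any Winlogon\Notify\<package> key, whatever name the hive was mounted under.
NOTIFY_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\([^\\]+)$",
    re.IGNORECASE)

def parse_notify_packages(reg_text):
    """Return {package: {value_name: value}} for each Winlogon\\Notify subkey."""
    packages, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-key]" marks a deletion in .reg syntax, not a present key.
            m = None if line.startswith("[-") else NOTIFY_RE.search(line[1:-1])
            current = packages.setdefault(m.group(1), {}) if m else None
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, raw = line.partition("=")
            if raw.startswith("dword:"):
                current[name.strip('"')] = int(raw[len("dword:"):], 16)
            else:  # REG_SZ: drop quotes, undo .reg backslash escaping
                current[name.strip('"')] = raw.strip('"').replace("\\\\", "\\")
    return packages

def find_haxdoor_di(packages):
    """Return package names whose subkey or DllName matches the page's entries."""
    hits = []
    for subkey, values in packages.items():
        dll = str(values.get("DllName", "")).lower().rsplit("\\", 1)[-1]
        if subkey.lower() == IOC_SUBKEY or dll == IOC_DLL:
            hits.append(subkey)
    return hits

# Constructed sample export; OFFLINE_SW and examplepkg are hypothetical names.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplepkg]
"DllName"="example.dll"

[HKEY_LOCAL_MACHINE\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arprmdg0]
"DllName"="arprmdg0.dll"
"Startup"="arprmdg0"
"Impersonate"=dword:00000001
'''

if __name__ == "__main__":
    pkgs = parse_notify_packages(SAMPLE)
    print("Notify packages:", sorted(pkgs))
    print("Haxdoor-DI matches:", find_haxdoor_di(pkgs))
```

Every package the parser returns that is not part of the machine's known build is worth reviewing, not only the one matching this page's names.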
