Troj/MSNOpt-A

Category:	Viruses and Spyware
Type:	Trojan
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/MSNOpt-A is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

When first run Troj/MSNOpt-A copies itself to:

\Girleys.exe
\MyPic.Scr
\NudePic.Pif
\Pic1DOC0051.scr
\SexyGirl.exe
<System>\lexplore_.exe

Troj/MSNOpt-A may attempt to send itself using these filenames to contacts found in Microsoft MSN Messenger, accompanied by one of the following instant messages :

'Check This out !!'
'Hey look my pic on this ..'
'MyPic '
'wow look for this pic'

The following registry entries are created to run lexplore_.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WinEx
<System>\lexplore_.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ShellRun
<System>\lexplore_.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
APIClass
<System>\lexplore_.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
RegMutex
<System>\lexplore_.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe lexplore_.exe

Try Sophos products for free
Download now

Troj/MSNOpt-A

Free Mac Anti-Virus

Popular topics