Troj/Mipbot-B is a Trojan for the Windows platform.
Troj/Mipbot-B attempts to connect to one of several pre-specified servers from which it can receive further information.
Troj/Mipbot-B is used to send unsolicited emails from an infected computer.
When Troj/Mipbot-B is installed it creates the file <Windows system folder>\drivers\i386p.sys.
This file is used to stealth the functioning of the Trojan, and is also detected as Troj/Mipbot-B.
The following registry entries are created to run code exported by the Trojan DLL on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<original
filename>
DllName
<pathname of the Trojan DLL>
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<original
Trojan filename>
Startup
Startup
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<original
Trojan filename>
Impersonate
dword