Troj/Optix-B is a backdoor Trojan.
To run automatically when Windows starts up, the Trojan copies
itself to the file sms.exe in the Windows folder and adds the following registry
entry pointing to this file:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\USB Drivers Device
The Trojan opens a TCP backdoor port and announces the infection by
connecting to a remote web site.
Troj/Optix-B also sets the following registry entries:
HKCU\Software\Microsoft\RAS Autodial\Control\DisableConnectionQuery = 1
HKLM\SOFTWARE\Microsoft\RAS AutoDial\Control\LoginSessionDisable = 1
HKLM\SOFTWARE\Microsoft\RAS AutoDial\Control\DisableConnectionQuery = 1
HKCU\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable = 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial = 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial = 0
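
The indicators above can be checked on a host with a read-only script. The following PowerShell is an added example, not part of the original description; the helper name Get-RegValue and the output layout are assumptions, and it treats the autodial values as supporting evidence only, since they can also be set by ordinary configuration.

```powershell
# Added example: read-only check for the Troj/Optix-B indicators listed above.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# Persistence: Run value "USB Drivers Device" pointing at the dropped copy.
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runData = Get-RegValue -Path $runKey -Name 'USB Drivers Device'
if ($null -ne $runData) {
    $findings += [pscustomobject]@{ Weight = 'strong'; Item = "$runKey\USB Drivers Device"; Data = $runData }
}

# Dropped file: sms.exe in the Windows folder. The hash is reported for triage,
# not compared, because the description gives no reference hash.
$dropped = Join-Path $env:windir 'sms.exe'
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $sha256 = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{ Weight = 'strong'; Item = $dropped; Data = "SHA256=$sha256" }
}

# Autodial-related values the Trojan sets, in both hives.
$ras  = 'Software\Microsoft\RAS Autodial\Control'
$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = foreach ($hive in 'HKCU:', 'HKLM:') {
    @{ Path = "$hive\$ras";  Name = 'DisableConnectionQuery'; Value = 1 }
    @{ Path = "$hive\$ras";  Name = 'LoginSessionDisable';    Value = 1 }
    @{ Path = "$hive\$inet"; Name = 'EnableAutodial';         Value = 0 }
}
foreach ($s in $settings) {
    $v = Get-RegValue -Path $s.Path -Name $s.Name
    if ($null -ne $v -and $v -eq $s.Value) {
        $findings += [pscustomobject]@{ Weight = 'supporting'; Item = "$($s.Path)\$($s.Name)"; Data = $v }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Troj/Optix-B indicators from this description were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A "strong" row for either the Run value or sms.exe warrants isolating the host and reviewing listening TCP ports; "supporting" rows alone are not conclusive.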