Troj/Shellot-L

Category:	Viruses and Spyware	Protection available since:	06 Nov 2006 00:00:00 (GMT)
Type:	Trojan	Last Updated:	06 Nov 2006 00:00:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Shellot-L is a backdoor Trojan for the Windows platform.

The Trojan has the functionalities to :

- communicate with a remote server via HTTP
- allow unauthorised access to the computer
- hides files, processes and registry entries

When run, the Trojan copies itself to <System>\<random>.exe and creates the file <System>\<random numbers>.dll. The file <random numbers>.dll is detected as Troj/Shellot-L.

The Trojan sets the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
<Non Roman Characters>
<Non Roman Characters>="<System>\<random>.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<Non Roman Characters>
<Non Roman Characters>="<System>\<random>.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
<Non Roman Characters>
<Non Roman Characters>="<System>\<random>.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
<Non Roman Characters>
<Non Roman Characters>="<System>\<random>.exe

Registry entries are set as follows:

HKCU\SYSTEM\CurrentControlSet\Control\Lsa
<Non Roman Characters>
<Non Roman Characters>="<System>\<random>.exe

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
<Non Roman Characters>
<Non Roman Characters>="<System>\<random>.exe

HKCU\Software\Microsoft\OLE
<Non Roman Characters>
<Non Roman Characters>="<System>\<random>.exe

HKLM\SOFTWARE\Microsoft\Ole
<Non Roman Characters>="<System>\<random>.exe

Try Sophos products for free
Download now

Troj/Shellot-L

Free Mac Anti-Virus

Popular topics