Troj/Stinx-F is a backdoor Trojan for the Windows platform.
Troj/Stinx-F connects to one of several IP addresses and runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Troj/Stinx-F can be instructed to delete, download and execute files.
Troj/Stinx-F will attempt to circumvent the Windows Firewall if it is present by adding itself to the list of allowed programs.
Troj/Stinx-F may be stealthed on an infected system by exploiting Sony DRM (Digital Rights Management) software.
Troj/Stinx-F may arrive as an email attachment wherein it is claimed that the attached file is a photograph to be published that requires approval.
Troj/Stinx-F is a backdoor Trojan for the Windows platform.
Troj/Stinx-F connects to one of several IP addresses and runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run Troj/Stinx-F copies itself to <System>\$sys$xp.exe, and creates the following registry entry so it is automatically run when an infected computer starts:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
$sys$cmp
$sys$xp.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
$sys$cmp
$sys$xp.exe
Troj/Stinx-F can be instructed to delete, and download and execute files.
Troj/Stinx-F will attempt to circumvent the Windows Firewall if it is present by adding itself to the list of allowed programs.
Troj/Stinx-F may be stealthed on an infected system by exploiting Sony DRM (Digital Rights Management) software.
Troj/Stinx-F may arrive as an email attachment wherein it is claimed that the attached file is a photograph to be published that requires approval.