Troj/Graybird-A

Categoría: Virus y programas espía Protección disponible desde:13 oct 2003 00:00:00 (GMT)
Tipo: Trojan Última actualización:13 oct 2003 00:00:00 (GMT)
Predominio:

Download Descargue nuestra herramienta gratuita para la eliminación de virus - Encuentre las amenazas no detectadas por su antivirus

Troj/Graybird-A is a backdoor Trojan. When run on a victim's computer that computer will become vulnerable to unauthorised access attacks.

Troj/Graybird-A copies itself to the Windows system folder with the filename spoolsv.exe and sets the following registry entries so that the Trojan is run when Windows starts up:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SPOOLSV
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\SPOOLSV
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SPOOLSV

A 'Run' entry will be added to the file win.ini which will also cause the Trojan to be run when Windows starts up.

The Trojan may be distributed in an email with the following characteristics:

Subject line: updated
Message text: Dear customer:
At 11:34 A.M. Pacific Time on August 13, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm has been identified that exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026.

Download the attached update program. To begin the download process, do one of the following:

To download the attached program to your computer for installation at a later time, click Save or Save this program to disk.then run it. If you have any problem, connect to us immediately.

Attached file: 03-26updated.exe

descargar Pruebe los productos de Sophos totalmente gratis
Descargue una evaluación gratuita

© 1997 - 2012 Sophos Ltd. Todos los derechos reservados. Aviso legal Privacidad