Troj/Tanto-H is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Tanto-H includes functionality to download, install and run new software.
When first run, Troj/Tanto-H copies itself to <Windows>\wscntfy.exe (the Windows directory itself, not System32, where a legitimate Windows Security Center notification component of the same name lives on Windows XP SP2).
The dropped wscntfy.exe is registered as a new system service with the service name and display name "Microsoft wscntfy Service" and a startup type of automatic, so that it is started during system startup without further user action. The service's registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Microsoft wscntfy Service
Troj/Tanto-H sets the Start value of the following service keys to 4 (SERVICE_DISABLED), preventing the Messenger, Remote Registry and Telnet services from starting:
HKLM\SYSTEM\CurrentControlSet\Services\Messenger
  Start = 4
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry
  Start = 4
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr
  Start = 4
Registry entries are set as follows, disabling Windows Firewall for both the domain and standard profiles, blocking delivery of Windows XP Service Pack 2 through Windows Update, and disabling DCOM:
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
  EnableFirewall = 0
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
  EnableFirewall = 0
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
  DoNotAllowXPSP2 = 1
HKLM\SOFTWARE\Microsoft\Ole
  EnableDCOM = N
Registry entries are also created under:
HKLM\SOFTWARE\Microsoft\Security Center
Note that this key exists legitimately on Windows XP SP2 and later, so its presence alone is not an indicator of infection; the dropped file, the rogue service and the tampered policy values above are the reliable artefacts.
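The following PowerShell host check is an added example, not Sophos' code or part of this description; it looks for the artefacts listed above (the dropped file, the rogue service key, the three services forced to Start = 4, and the firewall, Windows Update and DCOM policy values). The function name Test-TantoHIndicators, the Get-RegValue helper and the finding format are this example's own choices. Run it in an elevated session on the suspect host.

```powershell
# Added example: host triage for the Troj/Tanto-H artefacts described above.
# Not the vendor's code; names below are this example's own choices.
function Test-TantoHIndicators {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]

    # Read one registry value; return $null when the key or value is absent
    # instead of throwing, so a clean host produces an empty result.
    function Get-RegValue([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }
        return $item.$Name
    }

    function Add-Finding([string]$Indicator, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Indicator = $Indicator; Detail = $Detail })
    }

    # 1. Dropped copy in <Windows>, not System32 (System32\wscntfy.exe is legitimate on XP SP2).
    $dropPath = Join-Path $env:SystemRoot 'wscntfy.exe'
    if (Test-Path -LiteralPath $dropPath) {
        Add-Finding 'Dropped file' $dropPath
    }

    # 2. Persistence: the rogue service key. ImagePath is the standard value
    #    holding the service binary, reported here to confirm what it launches.
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Microsoft wscntfy Service'
    if (Test-Path -LiteralPath $svcKey) {
        $image = Get-RegValue $svcKey 'ImagePath'
        Add-Finding 'Rogue service key' ("$svcKey (ImagePath: $image)")
    }

    # 3. Legitimate services forced to Start = 4 (SERVICE_DISABLED).
    foreach ($svc in 'Messenger', 'RemoteRegistry', 'TlntSvr') {
        $start = Get-RegValue "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" 'Start'
        if ($start -eq 4) {
            Add-Finding 'Service disabled' "$svc Start=4"
        }
    }

    # 4. Policy tampering: each entry pairs the path/value with the bad data the trojan writes.
    $policy = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';
           Name = 'EnableFirewall'; Bad = 0; Meaning = 'Windows Firewall disabled (domain profile)' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile';
           Name = 'EnableFirewall'; Bad = 0; Meaning = 'Windows Firewall disabled (standard profile)' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate';
           Name = 'DoNotAllowXPSP2'; Bad = 1; Meaning = 'XP SP2 blocked via Windows Update' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Ole';
           Name = 'EnableDCOM'; Bad = 'N'; Meaning = 'DCOM disabled' }
    )
    foreach ($p in $policy) {
        $val = Get-RegValue $p.Path $p.Name
        # Compare as strings so DWORD 0 and REG_SZ "N" are handled by the same branch.
        if ($null -ne $val -and "$val" -eq "$($p.Bad)") {
            Add-Finding 'Policy tampered' "$($p.Meaning): $($p.Path)\$($p.Name) = $val"
        }
    }

    return $findings
}

# Usage: print a table of findings; an empty result means none of the artefacts were found.
Test-TantoHIndicators | Format-Table -AutoSize
```

A single hit on the policy values is weak evidence on its own, since an administrator can legitimately set EnableFirewall or EnableDCOM; the combination of the dropped file in the Windows directory and the "Microsoft wscntfy Service" key is what ties the host to this trojan. If the rogue service is present, stop it and remove the key before deleting the file, otherwise it is recreated at the next boot.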