W32/Forbot-GI

Categoría: Virus y programas espía Protección disponible desde:22 abr 2006 00:00:00 (GMT)
Tipo: Win32 worm Última actualización:22 abr 2006 00:00:00 (GMT)
Predominio:

Download Descargue nuestra herramienta gratuita para la eliminación de virus - Encuentre las amenazas no detectadas por su antivirus

W32/Forbot-GI is a worm and backdoor for the Windows platform.

W32/Forbot-GI includes functionality to access the internet and communicate with a remote server via HTTP. W32/Forbot-GI is a worm and backdoor for the Windows platform.

W32/Forbot-GI includes functionality to access the internet and communicate with a remote server via HTTP.

When first run W32/Forbot-GI copies itself to <Windows system folder>\drivers\ntndis.exe and creates the file <Windows system folder>\drivers\ntndis.sys.

The following registry entry is changed to run ntndis.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe <Windows system folder>\drivers\ntndis.exe

(the default value for this registry entry is "Explorer.exe" which causes the
Microsoft file <Windows folder>\Explorer.exe to be run on startup).

The file ntndis.sys is a rootkit detected by Sophos's anti-virus products as Troj/RKProc-F. Ntndis.sys is registered as a new system driver service named "ntndis", with a display name of "ntndis" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\ntndis\

descargar Pruebe los productos de Sophos totalmente gratis
Descargue una evaluación gratuita

© 1997 - 2012 Sophos Ltd. Todos los derechos reservados. Aviso legal Privacidad