Troj/Mirjack-A

Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 10 June 2005 04:53:09 (GMT)
Detected by: All Sophos products

More Information

Troj/Mirjack-A is a Trojan for the Windows platform.

When run, Troj/Mirjack-A copies itself to the Windows folder as hidep.exe and sets the following registry entry in order to run each time a user logs on:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cpyt
"<Windows folder>\hidep.exe"

The Trojan also registers itself as a service process.

Troj/Mirjack-A determines if the internet relay chat (IRC) client mIRC is installed by querying the value of the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC
UninstallString

Upon successfully finding the mIRC folder, Troj/Mirjack-A creates a file named script.ini which defines further behavior for the mIRC client. The script forces the client to remain in a hidden channel and accept raw IRC text commands. Remote attackers can then issue IRC commands as if the commands were issued directly from the hijacked mIRC client. The infected computer can then be used to send arbitrary files, flood other computers and relay textual messages.
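
The registry indicators described above can be checked offline against a registry export. The following is an added example, not Sophos code: it parses .reg text, flags a Run value named cpyt or pointing at hidep.exe, and uses the mIRC UninstallString to work out where script.ini should be reviewed. The function names, the sample export and the paths in it are constructed for illustration.

```python
import ntpath
import re

# Constructed sample in "reg export" (.reg) text form; not from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cpyt"="C:\\WINDOWS\\hidep.exe"
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"UninstallString"="\"C:\\Program Files\\mIRC\\mirc.exe\" -uninstall"
'''

HKLM_CV = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN_KEY = HKLM_CV + r"\run"
MIRC_KEY = HKLM_CV + r"\uninstall\mirc"
# "name"="string data"; backslash escapes (\\ and \") may appear on either side.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def triage(text):
    """List (kind, name, detail) findings for the indicators on this page."""
    keys, findings = parse_reg(text), []
    for name, data in keys.get(RUN_KEY, {}).items():
        exe = ntpath.basename(data.strip('"')).lower()
        if name.lower() == "cpyt" or exe == "hidep.exe":
            findings.append(("run_entry", name, data))
    mirc = {k.lower(): v for k, v in keys.get(MIRC_KEY, {}).items()}
    uninstall = mirc.get("uninstallstring", "").strip()
    m = re.match(r'"([^"]+)"|(\S+)', uninstall)
    if m:
        # The page gives no hash for script.ini, so it is queued for review only.
        folder = ntpath.dirname(m.group(1) or m.group(2))
        findings.append(("review_file", "script.ini", ntpath.join(folder, "script.ini")))
    return findings
```

Exports in the "Version 5.00" format are UTF-16 text, so decode the file with encoding="utf-16" before passing its contents to triage().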
