high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 9 March 2006 05:52:19 (GMT) |
| Detected by | All Sophos products |
Sophos beta program
- Endpoint Security and Control 9.0
- Small business solutions 4.0
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entry, if it is present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
it should contain a reference to explorer.exe (or possibly NALWIN32.exe if you are using NetWare) only. Remove any reference to any file you deleted. You may need to replace the reference to explorer.exe.
Close the registry editor.
More Information
Troj/PeepVie-W is a backdoor Trojan for the Windows platform.
Troj/PeepVie-W includes functionalities to:
- access the internet and communicate with a remote server via HTTP
- allow unauthorized access to the infected computer
- change process privileges
- download, install and run new software
Troj/PeepVie-W is a backdoor Trojan for the Windows platform.
Troj/PeepVie-W includes functionalities to:
- access the internet and communicate with a remote server via HTTP
- allow unauthorized access to the infected computer
- change process privileges
- download, install and run new software
When run Troj/PeepVie-W copies itself to <System>\explorer.exe.
Troj/PeepVie-W sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
<System>\explorer.exe
|
