high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 20 April 2006 12:56:56 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/ServU-CT is a backdoor Trojan for the Windows platform.
Troj/ServU-CT allows an infected computer to be used as a file server.
When Troj/ServU-CT is installed the following files are created:
<System>\inetsrv\JAstat.dll
<System>\inetsrv\JAstat.ini
<System>\inetsrv\JAstat.stats
<System>\inetsrv\ServUCert.crt
<System>\inetsrv\ServUCert.key
<System>\inetsrv\dirchange.txt
<System>\inetsrv\help.txt
<System>\inetsrv\libeay32.dll
<System>\inetsrv\logoff.txt
<System>\inetsrv\msdtcdll.bin
<System>\inetsrv\msdtce.exe
<System>\inetsrv\read.txt
<System>\inetsrv\rules.txt
<System>\inetsrv\ssleay32.dll
<System>\inetsrv\stat.txt
<System>\inetsrv\topdl.body
<System>\inetsrv\topdl.foot
<System>\inetsrv\topdl.head
<System>\inetsrv\topul.body
<System>\inetsrv\topul.foot
<System>\inetsrv\topul.head
<System>\inetsrv\ustat.txt
<System>\inetsrv\who.body
<System>\inetsrv\who.foot
<System>\inetsrv\who.head
The file msdtce.exe is also detected as Troj/ServU-CT. The rest of the files are clean, and may safely be deleted.
The following registry entry is created to run msdtce.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Distributed Transaction
<System>\inetsrv\msdtce.exe
|
