high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 26 August 2004 09:21:07 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
You will also need to edit the following registry entry, if it is present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
winsrv = <WINDOWS>\winsrv.exe
and delete it if it exists.
Close the registry editor.
Change any passwords that may have become compromised.
More Information
Troj/Singu-O is a backdoor Trojan.
When first run, Troj/Singu-O copies itself into the Windows folder as WINSRV.EXE. The Trojan then drops a hidden DLL file named FINDRIV.DLL into the Windows System folder and runs it. This DLL file is also detected as Troj/Singu-O.
In order to run each time Windows is started, Troj/Singu-O sets the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
winsrv = <WINDOWS>\winsrv.exe
Troj/Singu-O listens for connections from a malicious user. Once connected, the malicious user can send commands to control and spy on the infected computer. The backdoor can be used to:
- Copy, delete, run, send and download files on the infected computer.
- Log keyboard presses.
- Control the keyboard and mouse.
- Take screenshots of the desktop.
- Capture images from an attached webcam.
- Listen in using the microphone.
- Control and close windows on the desktop.
- List and kill processes running on the computer.
- Edit the registry.
- Shut down and lock the computer.
- Steal user information and passwords from the computer.
In particular, passwords from password protected sites accessed by Internet Explorer and Autocomplete passwords are vulnerable to theft.
Troj/Singu-O may set the Auto-dial and Auto-disconnect options on any dial-up accounts such that the computer will automatically connect to the internet.
|
