Sophos

Troj/Stinx-M

Aliases
  • BKDR_BREPLIBOT.M
  • Backdoor.Win32.Breplibot.n

Summary

Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Protection available since: 13 December 2005 09:19:56 (GMT)
Detected by: All Sophos products

More Information

Troj/Stinx-M is a backdoor Trojan for the Windows platform.

Troj/Stinx-M can be instructed to delete, download and execute files.

Sophos's anti-virus products include Genotype™ detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against Troj/Stinx-M (detected as Troj/Stinx-Fam) since version 3.98.

Troj/Stinx-M connects to one of several IP addresses and runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run, Troj/Stinx-M copies itself to <System>\csrdeu32.exe and creates the following files:

<Temp>\159.bat (may be safely deleted)
<Temp>\436.bat (may be safely deleted)

The following registry entries are created to run csrdeu32.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TaskControlLog
csrdeu32.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TaskControlLog
csrdeu32.exe

Troj/Stinx-M will attempt to circumvent the Windows Firewall if it is present by adding itself to the list of allowed programs.

Troj/Stinx-M may arrive as an email attachment, with the message claiming that the attached file is a photograph to be published that requires approval.
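The indicators listed above can be checked on a host with a read-only script. This is an added example, not Sophos code; it assumes <System> means the Windows system directory (SysWOW64 is also checked because of 32-bit redirection on 64-bit Windows), that <Temp> is the current user's temp directory, and that the firewall allow-list entry is visible through Get-NetFirewallApplicationFilter.

```powershell
# Added example: read-only check for the Troj/Stinx-M indicators described on this page.
# Nothing is deleted or modified; findings are only reported.
$exeName   = 'csrdeu32.exe'
$valueName = 'TaskControlLog'
$findings  = @()

# 1. Startup persistence: the two Run keys named in the description.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Location = $key; Detail = $prop.$valueName }
    }
}

# 2. Dropped files. Assumption: <System> = system directory (plus SysWOW64),
#    <Temp> = temp directory of the user running this script.
$paths = @(
    (Join-Path ([Environment]::SystemDirectory) $exeName),
    (Join-Path (Join-Path $env:SystemRoot 'SysWOW64') $exeName),
    (Join-Path $env:TEMP '159.bat'),
    (Join-Path $env:TEMP '436.bat')
)
foreach ($p in $paths) {
    # -Force so that hidden or system-flagged files are still found.
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item) {
        $detail = ('{0} bytes, last written {1:u}' -f $item.Length, $item.LastWriteTimeUtc)
        $findings += [pscustomobject]@{ Type = 'File'; Location = $p; Detail = $detail }
    }
}

# 3. Windows Firewall allow-list entries that reference the executable.
if (Get-Command Get-NetFirewallApplicationFilter -ErrorAction SilentlyContinue) {
    $filters = @(Get-NetFirewallApplicationFilter -ErrorAction SilentlyContinue |
                 Where-Object { $_.Program -like "*\$exeName" })
    foreach ($f in $filters) {
        $findings += [pscustomobject]@{ Type = 'FirewallRule'; Location = $f.InstanceID; Detail = $f.Program }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No Troj/Stinx-M indicators from this page were found.'
}
```

The HKCU and temp-directory checks only cover the account running the script, so repeat it for each user profile on a shared machine.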
