Troj/Stinx-S

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	31 January 2006 15:23:24 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

Please read the instructions for removing Troj/Stinx-S.

More Information

Summary
Action
More Information

Troj/Stinx-S is a backdoor Trojan for the Windows platform.

Troj/Stinx-S connects to a number of remote ip addresses on port 8080, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

When first run Troj/Stinx-S copies itself to <System>\lsadst.exe and creates the following registry entries to run this file on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WindowsProtocolLog
lsadst.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WindowsProtocolLog
lsadst.exe

Troj/Stinx-S may drop and run files called <Temp>\<random numbers>.bat in order to bypass the Windows firewall using "netsh" or in order to delete itself.

Troj/Stinx-S attempts to terminate a number of processes related to anti-virus and security programs.

Troj/Stinx-S may download and execute files from a remote website.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Stinx-S

Summary

Action

More Information