Sophos

Troj/Taladra-E

Aliases
  • Backdoor.Win32.Taladrator.31
  • BackDoor-AMU.gen
  • BKDR_TALADRAT.A
  • Trojan.Taladrator-1
Category
Type
What to do
Prevalence low high

Summary

 
Affected operating systems Windows
Characteristics
  • Drops more malware
  • Installs itself in the registry
Protection available since 7 July 2005 23:54:47 (GMT)
Last updated 20 October 2005 20:56:01 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

Troj/Taladra-E is a backdoor Trojan for the Windows platform.

Troj/Taladra-E runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

When first run Troj/Taladra-E copies itself to <System>\ExpIorer.exe and creates the following files:

<System>\hostv2.dll - Troj/Taladra-E
<System>\mswinsck.ocx - clean system file
<System>\ntsvc.ocx - clean system file

The file ExpIorer.exe is registered as a new system driver service named "ExpIorer", with a display name of "Navegador de red" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\ExpIorer\

The file hostv2.dll is registered as a COM object, creating registry entries under:

HKCR\CLSID\(FB9567BF-8FD9-4127-9EFC-B756F4C99719)\
HKCR\Interface\(A8A48EE4-E82A-4DDE-BA52-D93E9110940B)\
HKCR\TypeLib\(9A0599D1-1492-4494-B327-00803EA150AC)\
HKCR\hostv2.Class1\

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer