high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 30 January 2006 04:38:51 (GMT) |
| Last updated | 29 October 2008 20:40:06 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Telemot-B is a backdoor Trojan for the Windows platform.
When first run Troj/Telemot-B copies itself to <System>\chkdsk64.exe.
The file CHKDSK64.exe is registered as a new system driver service named "Logical Users Disk Manager Service", with a display name of "Disk management service for users requests" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Logical Users Disk Manager Service\
Troj/Telemot-B injects code into svchost.exe which listens for incoming TCP connections. An attacker connecting to the Trojan will be given a shell from which they can run commands that will:
list or kill processes
transfer files
view and modify registry settings
reboot the infected computer
show system information
take screenshots
download and install an updated version of the Trojan
If run with sufficient rights Troj/Telemot-B will install itself as an application authorised by Window Firewall to communicate with the outside world.
|
