Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 19 May 2006 06:25:42 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing infected executable files.
More Information
W32/Dbit-B is a virus and backdoor Trojan for the Windows platform.
W32/Dbit-B attempts to infect EXE files. W32/Dbit-B allows unauthorized remote access to the infected computer.
W32/Dbit-B will attempt to connect to predefined URLs in order to report infection and download files. The virus may also act as a backdoor allowing the following actions to be performed by a remote user on the infected system:
- Create folder
- Delete files
- Execute files
- Rename files
- Act as a proxy server
- Log keypresses
- Steal passwords
W32/Dbit-B will also attempt to collect information about the infected system and report it to a predefined URL. The information collected includes:
- Username
- Running processes
- IP related information
- Available drives
W32/Dbit-B also contains a stealthing component in order to make itself invisible to the user.
When W32/Dbit-B is installed it creates the file <System>\msjet62.dll.
The file msjet62.dll is registered as a new system driver service named "Irmon", with a display name of "Portable Media Serial Number Service" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Irmon\
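
A read-only host check for the install artefacts described above, as an added example that is not Sophos code. It assumes `<System>` resolves to the Windows system folder, and it reports the "Irmon" key only when the display name or a reference to msjet62.dll matches, not on the key name alone.

```powershell
# Added example: look for the W32/Dbit-B service and file artefacts named in
# this description. Reads only; run from an elevated PowerShell prompt.
$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Irmon'
$dllName = 'msjet62.dll'
$display = 'Portable Media Serial Number Service'
# Assumption: <System> in the write-up is the Windows system folder.
$dllPath = Join-Path ([Environment]::SystemDirectory) $dllName

$findings = @()

if (Test-Path -LiteralPath $dllPath) {
    $findings += "File present: $dllPath"
}

if (Test-Path -LiteralPath $svcKey) {
    $svc = Get-ItemProperty -LiteralPath $svcKey
    if ($svc.DisplayName -eq $display) {
        # Start = 2 is the automatic startup type the description mentions.
        $findings += "Service 'Irmon' has display name '$display' (Start = $($svc.Start))"
    }
    # The description does not say which registry value holds the DLL path,
    # so scan every value under the service key and its subkeys for the name.
    $keys = @(Get-Item -LiteralPath $svcKey) +
            @(Get-ChildItem -LiteralPath $svcKey -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ($value -like "*$dllName*") {
                $findings += "$($key.Name)\$name references $dllName"
            }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'No W32/Dbit-B service or file artefacts from this description found.'
}
```

Because the description says the virus hides itself from the user, a clean result from a running, possibly infected system is weaker evidence than the same check run against the disk offline.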
W32/Dbit-B will attempt to remove processes and services associated with the following files:
- ethereal.exe
- aports.exe
- tcpview
- windump.exe
- iris.exe
- CV.exe
- sniffer.exe
- iexplore.exe
- outlook.exe
- icq.exe
- msimn.exe
- msmsgs.exe
- msnmsgr.exe
- qq.exe
- endoscope.EXE
- icqlite.exe
- foxmail.exe

