Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | August 2005 (3.96) |
| Protection available since | 27 September 2004 17:28:11 (GMT) |
| Last updated | 17 June 2005 22:26:03 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Loony-I is a backdoor Trojan which allows a remote intruder to access and control the computer via IRC channels.
When first run, Troj/Loony-I moves itself to the Windows system folder as winampa.exe and creates the following registry entry to run winampa.exe on startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Taskmon driver = winampa.exe
A fake error message may be displayed with the text 'Windows Error', 'General Protection Fault Error, please delete file.'.
Each time the Trojan is run it tries to connect to a remote IRC server on port 6667 using a random nickname and join a specific channel. The Trojan then listens on the channel for instructions specified by a remote intruder.
The Trojan allows a remote intruder to perform a variety of actions on the infected machine, such as: reboot the computer, steal passwords, get folder listings, execute files, delete files or folders, rename files, download files, upload files, get a list of active processes, terminate active processes and carry out DDoS attacks on remote IP addresses.
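A host check for the indicators described above (the Run entry, the dropped file and the IRC connection), as an added example that is not part of the original description or any Sophos tool. `Find-LoonyIndicators` is a hypothetical name, and the WOW6432Node and SysWOW64 locations are additions that assume a 32-bit sample running on 64-bit Windows.

```powershell
# Added example: Find-LoonyIndicators is a hypothetical helper name.
function Find-LoonyIndicators {
    $findings = @()

    # Run-key persistence from the description. The WOW6432Node path is an
    # addition: 32-bit programs on 64-bit Windows are redirected there.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $values) { continue }
        foreach ($p in $values.PSObject.Properties) {
            # Match the value name and its data together, as listed on the page.
            if ($p.Name -eq 'Taskmon driver' -and "$($p.Value)" -match 'winampa\.exe') {
                $findings += [pscustomobject]@{
                    Check = 'RunKey'; Detail = "${key}: $($p.Name) = $($p.Value)" }
            }
        }
    }

    # Dropped copy in the Windows system folder (SysWOW64 added for the same reason).
    $dirs = @([Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64'))
    foreach ($dir in $dirs) {
        $path = Join-Path $dir 'winampa.exe'
        if (Test-Path -LiteralPath $path) {
            $file = Get-Item -LiteralPath $path -Force
            $created = $file.CreationTimeUtc.ToString('u')
            $findings += [pscustomobject]@{
                Check = 'File'; Detail = "$path ($($file.Length) bytes, created $created)" }
        }
    }

    # Established TCP sessions to remote port 6667, with the owning process.
    # Get-NetTCPConnection requires Windows 8 / Server 2012 or later.
    $conns = Get-NetTCPConnection -RemotePort 6667 -State Established -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Check = 'IRC'; Detail = "$($c.RemoteAddress):6667 pid=$($c.OwningProcess) name=$($proc.ProcessName)" }
    }

    $findings
}

Find-LoonyIndicators | Format-Table -AutoSize -Wrap
```

An empty result means none of the three indicators were found on the host; a port 6667 session on its own can also be a legitimate IRC client, so read it together with the other two checks.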
