Sophos

Troj/PWS-KI

Aliases
  • SennaSpy2001

Summary

 
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Included in our products from May 2006 (4.05)
Protection available since 10 March 2006 22:18:40 (GMT)
Last updated 16 March 2006 15:19:05 (GMT)
Detected by All Sophos products

More Information

Troj/PWS-KI is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/PWS-KI includes functionality to access the internet and communicate with a remote server via HTTP. The Trojan may send an email to inform a remote user when a computer has been compromised, and may also inform the remote user of the password used to connect to the internet.

Troj/PWS-KI modifies internet security settings.

When first run Troj/PWS-KI copies itself to the Windows folder and to
<Startup>\Server.exe.

Troj/PWS-KI also creates the following files:

\sendhmtl.htm
<CurrentFolder>\regadd706.Reg

The file sendhmtl.htm can be deleted.

The file regadd706.Reg may cause the following registry entry to be set, so that the Trojan automatically runs on system startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft
<name of copy of Trojan in the Windows folder>

Note that the second copy of the Trojan, in the <Startup> folder, will also be started automatically.

The following registry entry is also set, affecting internet security:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1601
0
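
For triage, a .reg file or registry export can be checked for the two registry changes described above. The following is an added example, not part of the original description and not Sophos code; the function names and the sample export are constructed for illustration, and the hive names are written in the long form that .reg files use.

```python
import re

# Indicators from the description above (assumed long-form hive names).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
ZONE3_KEY = (r"hkey_current_user\software\microsoft\windows"
             r"\currentversion\internet settings\zones\3")
LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')

def parse_reg(text):
    """Parse .reg text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = LINE_RE.match(line)
        if current is None or not m:
            continue  # header, blank line, comment or unsupported value type
        name, data = m.group(1), m.group(2).strip()
        if data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # String data: undo the \\ and \" escaping used by .reg files
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys

def find_indicators(text):
    """Return findings matching the two registry changes described above."""
    keys, findings = parse_reg(text), []
    for name, data in keys.get(RUN_KEY, {}).items():
        if name.lower() == "microsoft":  # Run value name used by the Trojan
            findings.append(("run-key", name, data))
    # 1601 is the "submit non-encrypted form data" action; 0 means allow.
    if keys.get(ZONE3_KEY, {}).get("1601") == 0:
        findings.append(("zone3-1601", "1601", 0))
    return findings

# Constructed sample export, not a capture of the real regadd706.Reg
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft"="C:\\WINDOWS\\example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1601"=dword:00000000
'''

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE):
        print(finding)
```

A Run value named "Microsoft" is only an indicator, so the path it points to should be inspected before anything is removed.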
