high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Included in our products from | March 2006 (4.03) |
| Protection available since | 31 January 2006 15:23:24 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please read the instructions for removing Troj/Stinx-S.
More Information
Troj/Stinx-S is a backdoor Trojan for the Windows platform.
Troj/Stinx-S connects to a number of remote ip addresses on port 8080, providing a backdoor server which allows a remote intruder to gain access and control over the computer.
When first run Troj/Stinx-S copies itself to <System>\lsadst.exe and creates the following registry entries to run this file on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WindowsProtocolLog
lsadst.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WindowsProtocolLog
lsadst.exe
Troj/Stinx-S may drop and run files called <Temp>\<random numbers>.bat in order to bypass the Windows firewall using "netsh" or in order to delete itself.
Troj/Stinx-S attempts to terminate a number of processes related to anti-virus and security programs.
Troj/Stinx-S may download and execute files from a remote website.
|
