high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | March 2006 (4.03) |
| Protection available since | 1 February 2006 13:09:05 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please read the instructions for removing Troj/Stinx-U.
More Information
Troj/Stinx-U is a backdoor Trojan for the Windows platform.
Troj/Stinx-U connects to a number of remote ip addresses on port 8080, providing a backdoor server which allows a remote intruder to gain access and control over the computer.
Troj/Stinx-U attempts to terminate a number of processes related to anti-virus and security programs.
Troj/Stinx-U may download and execute files from a remote website. Troj/Stinx-U is a backdoor Trojan for the Windows platform.
Troj/Stinx-U connects to a number of remote ip addresses on port 8080, providing a backdoor server which allows a remote intruder to gain access and control over the computer.
When first run Troj/Stinx-U copies itself to <System>\lsadst.exe and creates the following registry entries to run this file on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WindowsDiskEvt
svcsvh32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WindowsDiskEvt
svcsvh32.exe
Troj/Stinx-U may drop and run files called <Temp>\<random numbers>.bat in order to bypass the Windows firewall using "netsh" or in order to delete itself.
Troj/Stinx-U attempts to terminate a number of processes related to anti-virus and security programs.
Troj/Stinx-U may download and execute files from a remote website.
|
