Troj/Lixy-B

Category: Viruses and SpywareProtection available since:10 Nov 2003 00:00:00 (GMT)
Type: TrojanLast Updated:05 Dec 2003 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Lixy-B is a backdoor Trojan.

The component parts of Troj/Lixy-B usually have the following filenames:

MSM.EXE
SSOCKS5.DLL
REGSOCKS5.EXE

MSM.EXE is a socks 5 proxy server detected as Troj/Prx-C.

REGSOCKS5.EXE initialises the backdoor by creating the appropriate registry entries and attempts to start the proxy server. REGSOCKS5.EXE is detected by this identity.

SSOCKS5.DLL contains the main functionality and is implemented as a browser helper object. SSOCKS5.DLL is also detected by this identity.

Troj/Lixy-B creates the following registry entries in order to run as a browser helper object:

HKCR\CLSID\[1E1B2879-88FF-11D2-8D96-000000000003]

HKCR\HTMLEdit.SSocks5 HKCR\HTMLEdit.SSocks5.1

HKCR\Software\CLASSES\CLSID\[1E1B2879-88FF-11D2-8D96-000000000003]

HKCR\Software\CLASSES\HTMLEdit.SSocks5 HKCR\Software\CLASSES\HTMLEdit.SSocks5.1

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ Browser Helper Objects\[1E1B2879-88FF-11D2-8D96-000000000003]