Troj/Xrat-A

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Xrat-A is a backdoor Trojan for the Windows platform.

Troj/Xrat-A connects to the internet and opens up a backdoor port, allowing unauthorised remote access to the infected computer. The Trojan runs silently in the background awaiting commands from a remote intruder.

The remote intruder can instruct the Trojan to perform various actions, including:
steal registration keys for computer games
open and close the CD drive door
log keypresses
download or upload files
send email
start a proxy server
start a command shell
restart or crash the infected computer

Troj/Xrat-A copies itself to the Windows system folder as "svhost.exe".

On Nt-based versions of Windows (NT,2000,XP) svhost.exe is registered as a service process with a service name of "svhost", a displayname of "svhost System" and a start-type of automatic. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\svhost