Trojan-Proxy.Win32.Mitglieder.a

tag:Trojan-Proxy-Servers  


This Trojan program enables the attacker to use the infected computer as a mail proxy server. It runs under Windows and is approximately 9KB, compressed using UPX. The decompressed file is approximately 35KB.

Installation

When launched, the Trojan copies itself to the Windows system directory under the name 'system.exe'.

To enable autorun, the Trojan creates the following value in the system registry:

 HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  ssgrate.exe = %system%\system.exe

The Trojan then attempts to connect to several remote servers to transmit information about the infected computer (IP address, etc.) to the author of the worm.

The program opens port 39999 on the infected machine and installs itself as a proxy server. Once this has been done, the infected machine can be used to send spam.

Other

The Trojan searches for the following processes in memory and attempts to stop them from working:

 ATUPDATER.EXE
 AVWUPD32.EXE
 AVPUPD.EXE
 LUALL.EXE
 DRWEBUPW.EXE
 ICSSUPPNT.EXE
 ICSUPP95.EXE
 UPDATE.EXE
 NUPGRADE.EXE
 ATUPDATER.EXE
 AUPDATE.EXE
 AUTODOWN.EXE
 AUTOTRACE.EXE
 AUTOUPDATE.EXE
 AVXQUAR.EXE
 CFIAUDIT.EXE
 MCUPDATE.EXE
 NUPGRADE.EXE
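
A host check for the installation indicators described in this entry (the Run value, the copied file and the listener on port 39999), as an added example that is not part of the original entry. It assumes that "%system%" means the Windows system directory and that the `Get-NetTCPConnection` cmdlet is available (Windows 8 / Server 2012 or later).

```powershell
# Added example: checks one host for the indicators listed in this entry.
# Assumption: "%system%" in the entry is the Windows system directory.
$sysDir   = [Environment]::SystemDirectory
$dropPath = Join-Path $sysDir 'system.exe'
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runName  = 'ssgrate.exe'
$port     = 39999
$findings = @()

# 1. Autorun value. HKCU is per-user, so this covers only the account
#    running the script.
$run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Indicator = 'Run value'
        Detail    = "$runName = $($run.$runName)"
    }
}

# 2. Copy of the Trojan in the system directory. The name is generic, so
#    the size is reported for comparison with the ~9KB given in the entry.
if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropPath -Force
    $findings += [pscustomobject]@{
        Indicator = 'Dropped file'
        Detail    = "$dropPath ($($file.Length) bytes)"
    }
}

# 3. Listener on TCP 39999 and the process that owns it.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Indicator = 'Listener'
        Detail    = "$($l.LocalAddress):$port, PID $($l.OwningProcess) ($($proc.Path))"
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    "No indicators from this entry found for user $env:USERNAME."
}
```

A single match is a lead to investigate rather than proof of infection; the Run value pointing at 'system.exe' together with the listener is the combination this entry describes.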

©Virus-Encyclopedia.com All Rights Reserved.