This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Presence of above mentioned activities.
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email spam, etc.
Upon execution, it connects to the internet and downloads a file in the below location
Above mentioned file comes to execution and drops a file in below location
It tries to read the address book of Mail clients
The Trojan steals stored passwords, cache and cookies from the following applications.
The Trojan tries to search and hack a user accessed server using the below mentioned FTP clients with the above commonly used password list.
It connects to the following remote location
It creates below Registry Keys
It creates below Registry Key values:
Above registry entries are set by the malware to disable the windows firewall notification as well as it opens the TCP(22120) and UDP(16822) ports.
The above registry entry makes sure that the malware automatically get executed whenever system startup
Notes: - C:\windows\ - %windir% , C:\Documents and Settings\Administrator\Application Data-%appdata%
All Users:Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
PC Infected? Get Expert Help
Connect to one of our Security Experts by phone. Have your PC fixed remotely - while you watch!
© 2003-2017 McAfee, Inc.