Quote:
O4 - HKLM\..\Run: [GLSetIT32] C:\windows\system32\svchorst.exe
O4 - HKLM\..\RunServices: [GLSetIT32] C:\windows\system32\svchorst.exe
This is probably a new variant of BKDR_OPTIX.133!
Quote:
Backdoor Capabilities
It attempts to connect to a remote target machine using port 3410 and allows a malicious user to perform the following backdoor functionalities through its client component:
* Compatibility with older server versions
* Client SOCKS 4/5 support
* Server SOCKS 4/5 support
* Power options (logoff, suspend, restart or shutdown machines)
* Server information (includes builder settings)
* File Manager, Process Manager, Windows Manager, Registry Manager, FTP Manager application
* Remote IP scanner
* Port/application redirection
* Error message box display
* Matrix chat (Client-2-vic), Client-2-Client chat
* Obtain system information (passwords for RAS/Cached on 9x and AIM machines)
* Obtain keystrokes/window titles
* Capture screen with left-click mouse manipulation and via cam
* Keyboard manipulation
* SendKeys (old version of SendKeys for older servers)
* Humor normals (flash keyboard lights, monitor on/off, disable keyboard/mouse etc.)
* Humor screen printer and print text to their screen
Source:
http://www.trendmicro.com/vinfo/viru...IX.133&VSect=T
I would therefore recommend that you reinstall your system!
http://www.trojaner-board.de/showpos...28&postcount=2
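A check for the kind of autostart entry quoted in the post above, as an added example that is not part of the original post or of any tool it mentions: it parses HijackThis O4 lines and flags executables whose name is a near-miss of a genuine Windows binary, as `svchorst.exe` is of `svchost.exe`. The list of known binaries, the distance threshold and the `ExampleUpdater` log line are assumptions made for this sketch.

```python
import re

# Assumption: a short list of genuine Windows binary names to compare against.
KNOWN_SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "services.exe", "lsass.exe",
                         "winlogon.exe", "csrss.exe", "rundll32.exe", "spoolsv.exe"}

# HijackThis O4 registry autostart line: "O4 - <key>: [<value name>] <command>"
O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_name(cmd):
    """Lower-cased file name of the first .exe found in a command string."""
    m = re.search(r"([^\\/\"]+\.exe)", cmd, re.IGNORECASE)
    return m.group(1).lower() if m else None


def flag_lookalikes(log_text, max_distance=2):
    """Return (key, value name, exe, imitated binary) for near-miss names."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        exe = executable_name(m["cmd"]) if m else None
        if exe is None or exe in KNOWN_SYSTEM_BINARIES:
            continue  # not an O4 registry entry, or an exact known name
        for real in sorted(KNOWN_SYSTEM_BINARIES):
            if 0 < edit_distance(exe, real) <= max_distance:
                findings.append((m["key"], m["name"], exe, real))
                break
    return findings


# The first two lines are the entries quoted in the post; the third is constructed.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [GLSetIT32] C:\windows\system32\svchorst.exe
O4 - HKLM\..\RunServices: [GLSetIT32] C:\windows\system32\svchorst.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

if __name__ == "__main__":
    for key, name, exe, real in flag_lookalikes(SAMPLE_LOG):
        print(f"{key} [{name}]: {exe} resembles {real}")
```

A name match only tells you where to look; an exact `svchost.exe` running from an unexpected directory would pass this check and needs a path comparison instead.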