Sniff-Systrim

This page shows details and results of our analysis of the malware Sniff-Systrim.

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT: 4273 (2003-06-25)
Updated DAT: 4273 (2003-06-25)
Minimum Engine: 5.1.00
File Length: 36,864 bytes
Description Added: 2003-06-18
Description Modified: 2003-06-19

Malware Proliferation

Characteristics

-- Update June 19, 2003 --
This threat was updated to a Low-Profiled risk due to media attention at: http://www.vnunet.com/News/1141730

This trojan examines TCP network traffic in an attempt to capture usernames and passwords. Captured information is logged to the files c:\temp.txt and c:\logfile.txt. The contents of these files are sent to an email address @163.com via the SMTP server 61.135.132.125, using the trojan's internal SMTP engine.

Symptoms

When run, the trojan copies itself to the WINDOWS SYSTEM (%SysDir%) directory and creates a registry run key to load itself at system startup:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "systrimit" = C:\WINNT\System32\systrimit.exe
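The indicators in the Characteristics and Symptoms sections above (the "systrimit" Run value and dropped file, the two log files, and the hard-coded SMTP server) can be checked offline against artifacts collected from a host. The script below is an added example written for this page, not part of the original description or of any vendor tool. It parses a regedit-style export of the Run key, checks a directory listing for the log files, and scans firewall-style log lines for connections to the exfiltration server; the export text, the file list, the log line format and the internal mail server address are constructed sample inputs, not data from the description.

```python
"""Offline IoC triage for the Sniff-Systrim indicators on this page (added example)."""
import re
from typing import Dict, Iterable, List, Tuple

# Indicator values taken from the description above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "systrimit"
DROPPED_FILE = "systrimit.exe"
LOG_FILES = (r"c:\temp.txt", r"c:\logfile.txt")
SMTP_SERVER = "61.135.132.125"

# Constructed sample: regedit export of the Run key from an infected host.
# regedit doubles backslashes inside quoted string data.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"systrimit"="C:\\WINNT\\System32\\systrimit.exe"
'''

# Constructed sample: root-directory listing of the same host.
SAMPLE_FILES = [r"C:\boot.ini", r"C:\Temp.txt", r"C:\logfile.txt", r"C:\pagefile.sys"]

# Constructed sample: firewall log lines (the format is an assumption, not from the page).
SAMPLE_LOG = [
    "2003-06-18 09:12:01 ALLOW TCP 10.0.0.7:1045 -> 10.0.0.2:25",
    "2003-06-18 09:12:07 ALLOW TCP 10.0.0.7:1046 -> 61.135.132.125:25",
    "2003-06-18 09:13:30 ALLOW TCP 10.0.0.9:1203 -> 203.0.113.5:80",
]


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key_path: {value_name: string_data}}."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, data = m.groups()
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")  # undo regedit's escaping
            result[current][name] = data
    return result


def find_run_key_indicator(reg_text: str) -> List[Tuple[str, str]]:
    """Return Run entries whose value name or image matches the trojan's persistence key."""
    hits = []
    for key, values in parse_reg_export(reg_text).items():
        if key.lower() != RUN_KEY.lower():
            continue
        for name, data in values.items():
            if name.lower() == RUN_VALUE_NAME or data.lower().endswith(DROPPED_FILE):
                hits.append((name, data))
    return hits


def find_log_files(paths: Iterable[str]) -> List[str]:
    """Return the capture-log paths that exist in a (case-insensitive) file listing."""
    present = {p.lower() for p in paths}
    return [p for p in LOG_FILES if p in present]


LOG_RE = re.compile(r"TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def find_smtp_indicator(lines: Iterable[str],
                        internal_mail_servers: Tuple[str, ...] = ("10.0.0.2",)
                        ) -> List[Tuple[str, str, str]]:
    """Flag traffic to the hard-coded SMTP server, and any direct outbound SMTP that
    bypasses the organisation's own mail servers: the trojan ships its own SMTP engine,
    so an infected workstation talks port 25 to the outside world itself."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if dst == SMTP_SERVER:
            hits.append((src, dst, "known exfiltration server"))
        elif dport == 25 and dst not in internal_mail_servers:
            hits.append((src, dst, "direct outbound SMTP from a workstation"))
    return hits


if __name__ == "__main__":
    print("Run key:", find_run_key_indicator(SAMPLE_REG))
    print("Log files:", find_log_files(SAMPLE_FILES))
    print("SMTP:", find_smtp_indicator(SAMPLE_LOG))
```

On the constructed inputs the script reports the "systrimit" Run value pointing at C:\WINNT\System32\systrimit.exe, both capture logs in the root of C:, and one connection from 10.0.0.7 to 61.135.132.125. The second branch of find_smtp_indicator is the durable check: the server address in a sample can change between variants, but a workstation sending mail without going through the site's mail relay is worth an alert regardless.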

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.

It has been reported that this trojan was recently SPAMMED to a number of email addresses.

Removal

All Windows Users:
Use current engine and DAT files for detection and removal.
