Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
Backdoor.VNC-based, BackDoor-ARG.dr, Backdoor.Dvldr
Is a Trojan, which enables unauthorized access to systems.
The Trojan secures VNC applications, after it names itself EXPLORER.EXE. It performs the installation of the file INST.EXE, which is used by the VNC application. The Trojan listens on TCP Port 5800 waiting for further commands.
It creates the following hidden files, in %Font% directory:
VNCHooks.dll (32,768 Bytes)
explorer.exe (212,992 Bytes)
The Trojan will be installed by a so-called Dropper. It makes the following Registry entry:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows CurrentVersionRun "Explorer" = %Fonts folder%explorer.exe
Thus, the Trojan will be run at every system start.
Description inserted by Crony Walker on Tuesday, June 15, 2004