Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:Backdoor.VNC-based, BackDoor-ARG.dr, Backdoor.Dvldr
Type:Worm 
Size:212.992 Bytes 
Origin: 
Date:01-01-2003 
Damage:Is a Trojan, which enables unauthorized access to systems. 
VDF Version:6.xx.xx 
Danger:Low 
Distribution:Low 

Technical DetailsThe Trojan secures VNC applications, after it names itself EXPLORER.EXE. It performs the installation of the file INST.EXE, which is used by the VNC application. The Trojan listens on TCP Port 5800 waiting for further commands.
It creates the following hidden files, in %Font% directory:

VNCHooks.dll (32,768 Bytes)
explorer.exe (212,992 Bytes)
omnithread_rt.dll

The Trojan will be installed by a so-called Dropper. It makes the following Registry entry:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows CurrentVersionRun "Explorer" = %Fonts folder%explorer.exe

Thus, the Trojan will be run at every system start.
Description inserted by Crony Walker on Tuesday, June 15, 2004

Back . . . .