Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
Backdoor.Litmus (AVP/KAV, AVG), Backdoor.Trojan (Symantec), BKDR_LITMUS (Trend), IRC Trojan (Symantec), security risk or a "backdoor" program (F-Prot), W32/Litmus (Norman, Eset, Vet)
This Trojan can connect to Internet Relay Chat sevrer and receives instructions through IRC port.
This UPX-packed Trojan opens TCP/IP port 30005. Thus, an attacker can open, run and delete the local system user's file. Windows can also be affected.
The Trojan copies itself in Windows directory as traywnd.exe and makes the registry autostart entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion_ \Run "Taskschd" =
Other versions of the Trojan copy themselves in ´Litmus' folder of Windows directory (with various names) and make similar registry entries.
The source of this backdoor is available for hackers in many versions. So, some of the versions can be found under different names by other AV programs.
Description inserted by Crony Walker on Tuesday, June 15, 2004