Size: 234,496 bytes
Damage: Spreads using different IRC servers.
VDF Version:

General Description
Affected systems:
Windows NT, Windows 2000, Windows XP, Windows Server 2003

Technical Details
This backdoor Trojan is dropped by the email worm Mydoom.U.
When activated, it makes the following registry entry:

It creates two copies in the following directories:

The following files are also created:
%sysdir%\dx32cxel.sys (4096 bytes)
%sysdir%\dx32cxconf.ini (17 bytes)
%sysdir%\SVKP.SYS (2368 bytes)

The 'hosts' file is modified so that the websites of many antivirus providers cannot be accessed. The 'hosts' file is usually:

The following IP addresses are contacted:

The above registry entry ensures that the file 'dx32cxel.sys' starts as a service. When it starts, it hides active processes and files from the user.

The following message appears if any monitoring programs, such as Filemon or Regmon, are active:
"Application cannot be run with debugger or monitoring tool(s) loaded!
Please unload it and restart the application."

Manual Remove Instructions
To remove the backdoor Trojan, the following registry entry has to be deleted:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dx32cxel]
After restarting Windows, the above-mentioned files must be deleted.
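
A post-removal check, as an added example that is not part of the original description: it looks for the three listed files by name and size and flags 'hosts' entries that pin a hostname to a local address. Assumptions: the 'hosts' tampering maps names to loopback or 0.0.0.0 (the page does not list the entries), and the function names and `.example` hosts are constructed here. Run it after the restart, or against the volume mounted on another system, since the running driver hides files.

```python
import ipaddress
from pathlib import Path

# File names and sizes exactly as listed in the description above.
ARTIFACTS = {"dx32cxel.sys": 4096, "dx32cxconf.ini": 17, "SVKP.SYS": 2368}
# Assumption: the only names expected to map to a local address.
BENIGN_LOCAL = {"localhost", "localhost.localdomain"}
# Constructed sample input; the .example names are placeholders.
SAMPLE_HOSTS = """127.0.0.1   localhost
127.0.0.1   www.av-vendor.example update.av-vendor.example  # constructed
0.0.0.0     scan.av-vendor.example
192.0.2.10  intranet.corp.example
"""


def find_artifacts(sysdir):
    """Return {listed_name: (size_on_disk, size_matches)} for files present."""
    # Match case-insensitively: the volume may be mounted on a case-sensitive OS.
    wanted = {name.lower(): name for name in ARTIFACTS}
    found = {}
    for entry in Path(sysdir).iterdir():
        name = wanted.get(entry.name.lower())
        if name and entry.is_file():
            size = entry.stat().st_size
            found[name] = (size, size == ARTIFACTS[name])
    return found


def suspicious_hosts_entries(hosts_text):
    """Return (line_no, address, hostname) for names pinned to a local address."""
    flagged = []
    for line_no, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        if addr.is_loopback or addr.is_unspecified:
            flagged += [(line_no, fields[0], host) for host in fields[1:]
                        if host.lower() not in BENIGN_LOCAL]
    return flagged


if __name__ == "__main__":
    for hit in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(hit)
```

`find_artifacts` takes the system directory (%sysdir%) of the examined volume; a size mismatch is reported rather than ignored, because a same-named file of a different size still needs a look.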
Description inserted by Crony Walker on Tuesday, June 15, 2004
