Alias: Backdoor.Tsunami.c, IRC-Pitchfork, Backdoor.Dvldr
Size: 29.336 Bytes
Damage: Connection through TCP Port 6667
VDF Version: 

Symptoms

See the General Description if necessary.

Technical Details

It is an IRC Trojan. When activated, it creates the following files:

rundll32.exe (29,336 Bytes)
%Systemdirectory%\cygwin1.dll (944,968 Bytes)

and creates the following Registry entry so that it is started automatically at system start:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "TaskMan" = %Fonts%

* the variable %Fonts% is a standard Windows fonts file.

The Trojan contacts IRC ports and listens for further commands. It creates the hidden file rundll32.exe in the fonts directory and opens TCP Port 6667. The Trojan contacts the IRC Servers:

Description inserted by Crony Walker on Tuesday, June 15, 2004
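
A host check for the indicators listed above, as an added example that is not part of the original description. It assumes %Fonts% resolves to %WINDIR%\Fonts, that %Systemdirectory% is the Windows system directory, and that the Get-NetTCPConnection cmdlet is available (Windows 8 / Server 2012 or later).

```powershell
# Added example: triage a host for the indicators in this description.
# Assumptions: %Fonts% = %WINDIR%\Fonts, %Systemdirectory% = system directory.
$fontsDir  = Join-Path $env:WINDIR 'Fonts'
$systemDir = [Environment]::SystemDirectory
$findings  = @()

# 1. Autostart value "TaskMan" under the HKLM Run key.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'TaskMan' -ErrorAction SilentlyContinue
if ($run) {
    $findings += "Run key value TaskMan = $($run.TaskMan)"
}

# 2. Dropped files, checked by location and by the sizes given in the description.
#    A rundll32.exe in the fonts directory is suspicious on its own; cygwin1.dll
#    can be legitimate where Cygwin is installed, so the size is reported too.
$expected = @(
    @{ Path = (Join-Path $fontsDir 'rundll32.exe'); Size = 29336 },
    @{ Path = (Join-Path $systemDir 'cygwin1.dll'); Size = 944968 }
)
foreach ($e in $expected) {
    # -Force is needed because the description says the file is hidden.
    $f = Get-Item -LiteralPath $e.Path -Force -ErrorAction SilentlyContinue
    if ($f) {
        $sizeNote = if ($f.Length -eq $e.Size) { 'size matches' } else { "size $($f.Length) differs" }
        $findings += "File present: $($f.FullName) ($sizeNote, attributes: $($f.Attributes))"
    }
}

# 3. TCP port 6667 in use, either opened locally or connected to a remote server.
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -eq 6667 -or $_.RemotePort -eq 6667 }
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += "TCP 6667: $($c.LocalAddress):$($c.LocalPort) -> " +
                 "$($c.RemoteAddress):$($c.RemotePort) state=$($c.State) process=$($proc.Path)"
}

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No indicators from this description found.' }
```

Run it from an elevated prompt so the owning process path for each connection can be resolved.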
