Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:Backdoor.Litmus (AVP/KAV, AVG), Backdoor.Trojan (Symantec), BKDR_LITMUS (Trend), IRC Trojan (Symantec), security risk or a "backdoor" program (F-Prot), W32/Litmus (Norman, Eset, Vet)
Size:variable (7kB-150kB) 
Damage:Backdoor component. 
VDF Version:  

DistributionThis Trojan can connect to Internet Relay Chat sevrer and receives instructions through IRC port.

Technical DetailsThis UPX-packed Trojan opens TCP/IP port 30005. Thus, an attacker can open, run and delete the local system user's file. Windows can also be affected.
The Trojan copies itself in Windows directory as traywnd.exe and makes the registry autostart entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion_ \Run "Taskschd" = %WINDIR%\traywnd

Other versions of the Trojan copy themselves in ´Litmus' folder of Windows directory (with various names) and make similar registry entries.

The source of this backdoor is available for hackers in many versions. So, some of the versions can be found under different names by other AV programs.
Description inserted by Crony Walker on Tuesday, June 15, 2004

Back . . . .