Alias: Backdoor.Tsunami.c, IRC-Pitchfork, Backdoor.Dvldr
Type: Worm
Size: 29.336 Bytes
Origin:
Date: 01-01-2003
Damage: Connection through TCP Port 6667
VDF Version: 6.23.00.00
Danger: Low
Distribution: Low

Symptoms: Please refer to the General Description if necessary.

Technical Details: It is an IRC Trojan. When activated, it creates the following files:

%Font%\rundll32.exe (29,336 Bytes)
%Systemdirectory%\cygwin1.dll (944,968 Bytes)

and creates the following registry entry so that it is started automatically at system start:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "TaskMan" = %Fonts%\rundll32.exe


* The variable %Font% refers to the standard Windows fonts directory.
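
One way to check for the persistence pattern described above (a Run-key value that launches an executable from the fonts directory under a system binary's name), as an added example that is not part of the original description. The Windows install path, the list of system binary names and the sample entries are assumptions constructed for illustration.

```python
import ntpath
import re

WINDIR = r"C:\Windows"  # assumption: default install path
FONTS_DIR = ntpath.join(WINDIR, "Fonts").lower()
SYSTEM_DIRS = {ntpath.join(WINDIR, d).lower() for d in ("System32", "SysWOW64")}
# Illustrative, not exhaustive: system binary names worth checking the location of.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "taskmgr.exe"}

def exe_path(command):
    """Return the executable part of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):  # quoted path, arguments follow the closing quote
        return command[1:].split('"', 1)[0]
    # Unquoted: take everything up to the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def expand(path):
    """Expand %windir% / %SystemRoot% and normalise the path."""
    path = re.sub(r"%(?:windir|systemroot)%", lambda _: WINDIR, path, flags=re.I)
    return ntpath.normpath(path)

def audit_run_key(entries):
    """Flag Run-key values that match the persistence pattern described above."""
    findings = []
    for name, command in entries.items():
        path = expand(exe_path(command))
        folder = ntpath.dirname(path).lower()
        base = ntpath.basename(path).lower()
        if folder == FONTS_DIR or folder.startswith(FONTS_DIR + "\\"):
            findings.append((name, "executable in fonts directory"))
        elif base in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            findings.append((name, "system binary name outside system directory"))
    return findings

# Constructed sample of Run-key values (name -> command line), not real host data.
SAMPLE = {
    "TaskMan": r"C:\Windows\Fonts\rundll32.exe",
    "Systray": r"%windir%\system32\SecurityHealthSystray.exe",
    "Updater": r'"C:\Program Files\Vendor\rundll32.exe" /background',
    "Control": r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL",
}

if __name__ == "__main__":
    for name, reason in audit_run_key(SAMPLE):
        print(f"{name}: {reason}")
```

On a live host the `entries` mapping would be filled from the Run key itself, for example from an exported registry dump.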

The Trojan contacts IRC servers and listens for further commands. It creates the hidden file rundll32.exe in the fonts directory and opens TCP port 6667. The IRC servers it contacts are identified by hostname.



Description submitted by Crony Walker on Tuesday, June 15, 2004
