
BACKDOOR.TROJAN VIRUS ON SHELLEX.EXE

Status
Not open for further replies.
Oct 2, 2000
240
US
Norton Anti-Virus Detected this virus. Does anyone know how to repair this? Thanks.
 
Use the latest dats and scan engine to remove this... here is what it does..

This Remote Access Trojan masquerades as a downloader for an email client application. When executed on the victim machine, the Trojan attempts to connect to an FTP server. The Trojan contains the string:

'Would you like to download Bmail.. Bmail is a talking Email software that works with POP and other email accounts. Its works with Yahoo also. More will be added soon..'

In addition to opening this FTP connection, the worm opens an additional port on the victim machine, enabling remote access to the machine.

The Trojan sets the following Registry key in an attempt to run itself at system startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"SetFTPBack" = C:\WINDOWS\SYSTEM\createsw.exe

However, in testing the Trojan did not successfully copy itself to CREATESW.EXE in the System directory.
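
A check for the Run-key indicator described in the reply above, added here as an example that is not part of the original thread: it scans a regedit text export (a constructed sample is embedded) for the "SetFTPBack" value name or a createsw.exe command line. The function and constant names are assumptions made for this example.

```python
import re

# Indicators taken from the reply above.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
IOC_VALUE_NAME = "setftpback"
IOC_FILE_RE = re.compile(r'(^|[\\/"])createsw\.exe(\s|"|$)', re.IGNORECASE)

# A string value line in a regedit export: "name"="data" with \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

# Constructed sample export (REGEDIT4 text format), not taken from a real host.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"SetFTPBack"="C:\\WINDOWS\\SYSTEM\\createsw.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Example"="C:\\WINDOWS\\example.exe"
'''


def find_indicators(reg_export):
    """Return (key, value name, data, reasons) for each suspicious Run entry."""
    hits, key = [], None
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # start of a new key section
            continue
        match = VALUE_RE.match(line)
        if not match or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        # Undo the export's backslash escaping before comparing.
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value name")
        if IOC_FILE_RE.search(data):
            reasons.append("file name")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits


if __name__ == "__main__":
    for key, name, data, reasons in find_indicators(SAMPLE_EXPORT):
        print(f"{key}: {name} = {data} (matched {', '.join(reasons)})")
```

Since the reply notes that the copy to CREATESW.EXE failed in testing, a match on the value name alone is still worth acting on even when the file is absent from the System directory.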
 