Backdoor.Tidserv.K

Backdoor.Tidserv.K may attempt to steal sensitive information from the infected PC, and can also allow a remote attacker access to the system. It monitors internet statistics and usage from various websites.


 

Discovered: January 28, 2010
Infection Length: 66,560 bytes
Systems at Risk: Windows XP and Earlier
Mutex Object: {CC51461B-E32A-4883-8E97-E0706DC65415}
MD5: 8c3472ccf56760e977b8ca005195f6d5
The following files are created.
  • %Windir%\system32\spool\prtprocs\{%RANDOM NAME ONE%}.tmp
  • %Temp%\{%RANDOM NAME TWO%}.tmp
  • %CurrentFolder%\Surprise.exe
The following registry entries are created.
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{%RANDOM NAME THREE%}
The trojan will then enter a "dormant" period, and will remove itself from the system if you restart the computer, unless one of the following processes is executed beforehand:
  • spoolsv.exe
  • svchost.exe
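
The file indicators listed above can be checked against an offline copy of a suspect system. The sketch below is an added example, not part of the original advisory: the function names, the `windir` and `extra_dirs` parameters and the reason labels are hypothetical, and it assumes the listed MD5 belongs to the 66,560-byte sample.

```python
import hashlib
import os

# Indicators copied from the advisory above.
SAMPLE_MD5 = "8c3472ccf56760e977b8ca005195f6d5"
SAMPLE_SIZE = 66560  # "Infection Length"; assumed to be the size of the hashed sample
PRTPROCS = os.path.join("system32", "spool", "prtprocs")


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(windir, extra_dirs=()):
    """Return sorted (reason, path) findings for a copied %Windir% tree.

    extra_dirs (hypothetical parameter) lists other copied folders to walk,
    such as %Temp% or the folder the sample was run from.
    """
    findings = set()
    prt = os.path.normpath(os.path.join(windir, PRTPROCS)).lower()
    for root in [windir, *extra_dirs]:
        for folder, _dirs, files in os.walk(root):
            here = os.path.normpath(folder).lower()
            for name in files:
                path = os.path.join(folder, name)
                low = name.lower()
                if low == "surprise.exe":
                    findings.add(("dropped-name", path))
                # .tmp files are routine in %Temp%, so the name alone is only
                # treated as a signal directly inside spool\prtprocs.
                if low.endswith(".tmp") and here == prt:
                    findings.add(("tmp-in-prtprocs", path))
                try:
                    # Size check first so only same-length files get hashed.
                    if (os.path.getsize(path) == SAMPLE_SIZE
                            and md5_of(path) == SAMPLE_MD5):
                        findings.add(("md5-match", path))
                except OSError:
                    continue  # unreadable file: skip it and keep sweeping
    return sorted(findings)
```

The mutex and the randomly named service key are not covered; they have to be checked on the live system or in a memory image and the SYSTEM registry hive.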



Last Updated ( Tuesday, 09 February 2010 18:36 )