Backdoor.Antilam.gen
Description Backdoor.Antilam.gen
Antilam is a family of remote administration trojan programs. The backdoor code allows remote users to control victim computers over a local network or the Internet. Most of the features are configured by the hacker(s) exploiting Antilam by using a special server editor program. There is also a special client program that provides a user-friendly graphical interface for connecting to the trojan program and for sending remote administration commands. The main trojan application is written in Delphi and compressed with the UPX compression utility. Antilam's size varies depending on the specific version.
Usually, the trojan copies itself to the root directory or to one of the Windows directory subdirectories, where it proceeds to establish the ability to be executed automatically when Windows is started.
The remote administration commands allow Antilam to perform the following actions on victim computers:
- shut down or remove the trojan program
- gather system and owner information
- load and eject CD-ROM contents
- "mess" with the Windows Desktop contents
- turn off or speed up the mouse movement
- show user-defined messages
- manage open windows
- restart or shut down the computer
- change the system date
- turn off the keyboard - manage files on victim computer disks
- gain full access to the system registry
- change screen resolution
- save any information that is typed by the victim
- print user-defined texts
- change Windows color schemes
- manage dial-up connections
- manage the remote clipboard
- chat with other hackers that are connected to the victim computer
Check other viruses! Be aware! Use Antiviral Software
GS.525
Description GS.525
This is a harmless memory resident virus which hooks INT 21h and infects by standard way the COM-files that are started which begin from JMP NEAR (E9h) opcode only. The string "GS/02" is present at the beginning of infected files and at the virus entry point.
GT-Spoof.1131
Description GT-Spoof.1131
It is harmless memory resident polymorphic parasitic virus. It hooks INT 21h and writes itself to the end of COM- and EXE-files that are accessed. It contains the internal text string:
Good Times by Qark/VLAD
|