Virus Database

MSU.271

Description MSU.271

It is a harmless nonmemory resident parasitic virus. It searches for COM files, then writes itself to the beginning of the file. It contains the text string:
MSU-Virus v1.0:The StartUp !

Check other viruses! Be aware! Use Antiviral Software

Backdoor.Subseven

Description Backdoor.Subseven

This is a remote administration utility used to control infected machines. It functions in a similar way to Backdoor.BO (a.k.a. Back Orifice) Trojan.

Backdoor.TheThing

Description Backdoor.TheThing

This text was written by Peter Szor, Data Fellows Ltd
This backdoor copies itself with the EXPIORE.EXE name to the Windows directory and with the name of RUNDLI.EXE to the Windowssystem directory. It then modifies the SYSTEM.INI "shell" section to execute the program each time when Windows starts up, or the registry run field.
When executed, it tries to connect to wnp.icq.com with a user id of 111138. This id is owned by a hacker now calling himself "Of Hacker Anarchy Warrior". TheThing sends a message to him, and in this way, the hacker can see that the program is used on the actual machine. Then the local program starts to listen, therefore, the hacker can start to communicate and get information from that particular machine.
To remove it, someone has to delete this file and the RUNDLI.EXE from the system directory and fix the SYSTEM.INI shell section to remove the executed EXPIORE.EXE from there/or from the RUN field of the registry.

Home