Backdoor.Katien.a
Description Backdoor.Katien.a
Katien is a backdoor trojan program. The trojan itself is a Windows PE EXE file about 50KB in length and written in Microsoft Visual C++.
Once executed the backdoor program registers itself in the system registry auto-run section:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
The key name depends on the backdoor variant:
TaskReg = %trojan file name% Service = %trojan file name%
Once this is done Katien then opens a backdoor connection and waits for its master's (person controlling the Trojan program) commands. The Katien backdoor program performs just a few commands:
gets a file from a requested URL
runs a command or specified local file
performs a DoS attack on the requested victim address
terminates itself
The backdoor program has copyright strings (lines) depending on the backdoor variant:
Voyager Alpha Force: Age of Kaiten
Kaiten Win32 API version: contem@efnet
Check other viruses! Be aware! Use Antiviral Software
DirVirus.760
Description DirVirus.760
This is a memory-resident dangerous parasitic virus. It hooks INT 21h and infects COM files upon calling the functions FindFirst and FindNext FCB (these functions are used by the DIR command, that gave the name to the virus). The virus appends itself to the end of files, altering 6 bytes at their beginning (PUSH Loc_Virus; RET). This infector removes and does not restore the "read-only" attribute, set the file creation time to 60 sec. Sometimes it erases the FAT.
"DirVirus.760" contains the internal text strings:
COMMAND.COM
SBK (C) 1989 Varna. All rights reserved.
MANOWAR
Dis.1024
Description Dis.1024
It's a dangerous memory resident parasitic encrypted virus. It hooks INT 21h and writes itself to the end of EXE-files that are executed. Depending on the system timer it erases disk sectors and displays the message:
***The Heaven Version 3.0 (C)Copyright 1993 DiS co.***
***If you can read this , you don't need glasses!***
|