Backdoor.Ruledor.c
Description Backdoor.Ruledor.c
This program is part of the backdoor family of malicious programs intended for remote administration. The victim computer can be remotely controlled and caused to execute the commands described in the file http://sds.cl**ch.com/ie/control.dat. The program downloads this file when starting. Backdoor.Ruledor.c can also download and install other programs unnoticed. Some incidents have been detected where a wide range of AdWare and Trojans have been downloaded and installed.

Installation

The program creates the directory ClearSearch in the Program Files folder, copies itself to this directory under the name loader.exe and registers as an autorun key in the system registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Other

When the system is started, the program deletes all Browser Helper Objects (BHO) not installed by the program.
EAF.737
Description EAF.737
These are harmless, non-memory-resident, parasitic, encrypted viruses. They search for COM files and append themselves to the end of each one. They use several anti-debugger tricks and contain the internal text string "EAF0FF00F0". "EAF.737" also contains the internal text: "K-4C VIRUS by Köhntark*.COM". "EAF.655,656" do not contain any internal text. They display the name of the file they have just infected.
Earle.1431
Description Earle.1431
It is a dangerous memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM and .EXE files (except COMMAND.COM) that are executed or opened. On the 97th infection the virus also hooks INT 13h and swaps disk access: from disk A: to disk B: and from B: to A:. With a probability of 0.04%, depending on its internal counter, the virus also redirects all hard drive access calls to the A: drive. The virus contains the text strings: COMEXE This program is dedicated to my girlfriend Gabriela, who hates computers. SWITCH v 1.3 (C) by Windom Earle