BG.3178
Description BG.3178
This is a very dangerous memory resident parasitic polymorphic virus. It hooks INT 21h, and writes itself to the end of EXE files that are accessed. This virus writes file texts in Russian to TXT, PAS, CPP, DIZ and NFO files. The virus also contains the text:
=> üâ Virus Ver. 3.0 <=
Check other viruses! Be aware! Use Antiviral Software
Backdoor.Nethief
Description Backdoor.Nethief
The family of classic trojan horse for hidden remote control. This backdoors uses standard client-server technology and includes two parts - client and server, both are Windows executable files (PE EXE). The backdoor server is installed on victim computers, and the client controls them from remote station.
When the server is run it registered itself in system registry. Usually modificated following key:
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
Backdoor.Nickser
Description Backdoor.Nickser
Nickser is a backdoor trojan program. The trojan itself is a Windows PE EXE file about 136KB in length (when compressed by TeLock, the decompressed size is about 270KB). It is written in Microsoft Visual C++.
When run the backdoor copies itself under the name lsass.exe name to the Windows directory and registers itself in the system registry auto-run key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
UserInitialization = %WinDir%lsass.exe
Nickser then reads its "master's" instructions from an encrypted script file located on the Web at http://go.xmain.da.ru.
The backdoor routine performs the following actions:
- gets a file from requested URL
- runs a command or specified local file
- performs DoS attack to requested victim address
- terminates itself
- joins IRC channel
- opens local drives as FTP site
- e.t.c.
|