W32/Ryknos.A
• Detected by virus detection files published: 10 Nov. 2005
• Virus characteristics first published: 10 Nov. 2005
• Virus characteristics latest update: 28 Nov. 2005
• Type: Backdoor
• Alias: Win32.Ryknos.A, Backdoor.Breplibot.B, Troj/Stinx-E
• Spreading mechanism:
• Overall risk: Low
• Payload: Gives unauthorized access to computer.

This is a backdoor trojan. File size is 10240 bytes. It is very closely related to the Breplibot series of backdoors. It is extremely buggy, and many of its features will not work.

The trojan copies itself to the System directory, where it will attempt to use the same file name as one of the components used by the First 4 Internet Digital Rights Management software. This can in certain settings hide the presence of this backdoor on the system. The backdoor will attempt to add itself as a trusted process with the Windows Firewall.

File system changes:
Creates file <SYSTEMDIR>\$sys$drv.exe

Registry changes:
Creates key "HKCU\Software\WkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj"
"$sys$drv"="$sys$drv.exe"
Creates key "HKLM\Software\WkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj"
"$sys$drv"="$sys$drv.exe"

The mangled registry keys are another example of bugs in the code. These keys will not autostart the backdoor at bootup.

It will create the mutex "$sys$drv.exe" if installed correctly.
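
The mangled key name listed under HKCU\Software and HKLM\Software is the standard Run autostart path with every byte XORed with 0x04, which also turns each backslash into "X" and so yields one flat key name that Windows never reads at startup. The following is an added example, not part of the original description: it recovers the intended path by brute-forcing a single-byte XOR, and its function names and list of autostart paths are this example's own assumptions.

```python
# Added example: recover the intended name of the mangled registry key by
# brute-forcing a single-byte XOR against known autostart paths.

# Key name exactly as listed in the description, after the "HKCU\Software\" prefix.
MANGLED = "WkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj"

# Well-known Windows autostart paths to match decoded candidates against.
AUTOSTART_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"Software\Microsoft\Windows\CurrentVersion\RunServices",
)


def xor_text(text: str, key: int) -> str:
    """XOR every character of an ASCII string with one byte."""
    return "".join(chr(ord(ch) ^ key) for ch in text)


def find_autostart_key(mangled: str):
    """Return (xor_byte, decoded_path) if some non-zero single-byte XOR
    turns the string into a known autostart path, else None."""
    known = {k.lower(): k for k in AUTOSTART_KEYS}
    for key in range(1, 256):  # 0 is skipped: an unmangled path is not a hit
        candidate = xor_text(mangled, key).lower()
        if candidate in known:
            return key, known[candidate]
    return None


def is_suspicious_value(subkey: str, name: str, data: str) -> bool:
    """Flag a registry value matching the description: a mangled autostart
    path holding the "$sys$drv" = "$sys$drv.exe" pair."""
    return (find_autostart_key(subkey) is not None
            and name.lower() == "$sys$drv"
            and data.lower() == "$sys$drv.exe")


if __name__ == "__main__":
    print(find_autostart_key(MANGLED))
```

The same check can be run over key names exported from HKCU\Software and HKLM\Software to spot leftovers of this family on a cleaned machine.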