W95/Backdoor.Fix2001 Worm Information
Name: Backdoor.SubSeven
Aliases: Backdoor.Trojan, Backdoor-G, Backdoor.SubSeven.1_7, Backdoor.G
Type: Remote access trojan
Description:
Backdoor.SubSeven has been distributed as an email attachment and in newsgroups. It uses various names. The infected system acts as a server for the client controlled by the virus author. The trojan may create any of the following files on the system:
WINDOWS\
- DATA2.EXE
- KERNEL16.DLL
- NODLL.EXE
- RUNDLL16.COM
- SERVER.EXE
- SYSTEMTRAYICON!.EXE
- TINURAK.EXE
- WINDOW.EXE
WINDOWS\SYSTEM\
- LMDRKI_33.DLL
- WATCHING.DLL
The trojan also modifies the RunServices key in the registry, WIN.INI or SYSTEM.INI to launch the application when the system reboots. The application is not visible in Task Manager.
Backdoor.SubSeven attempts to establish a TCP/IP connection. If successful, the controlling client gains remote access and is able to perform a variety of tasks.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Home � Purchase Center � Virus Center � Support Center
|
