Name
|
Filename
|
Status
|
Description
|
X
|
|||
Y
|
|||
X
|
Part of the Rogue.WinAVPro family of rogues.
|
||
X
|
|||
X
|
Added by the Troj/Ransom-BO Trojan. This Trojan makes it so you cannot access your computer
unless you pay a ransom.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
Identified by Kaspersky as a variant of the
Trojan.Win32.Sasfis.akhy malware.
|
||
X
|
|||
X
|
Added by the Bredolab.gen.o password-stealing Trojan. Please note
C:\Windows\System32\rundll32.exe is a legitimate program and should not be
removed.
|
||
Y
|
Explorer.exe is the user shell of Windows. This program loads
the desktop, Start Menu, taskbar and user interface for Windows.
|
||
X
|
|||
X
|
Added by the VBS/Autorun-AYI worm that spreads via USB keys. Please note that
C:\Windows\System32\wscript.exe is a legitimate program and should not be
deleted.
|
||
X
|
|||
X
|
Fake AV Trojan. When fixing this entry, please be careful. If
you do not change the userinit key to point back to userinit.exe, then your
computer will not boot up properly.
|
||
X
|
Identified by BitDefender as a variant of the
Gen:Trojan.Heur.PT.cqW@bCL2Eje malware.
|
||
X
|
Added by the W32.Fnumbot worm. W32.Fnumbot is a worm that spreads through removable
drives and opens a back door on the compromised computer.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
Identified by Kaspersky as a variant of the Heur.Trojan.Generic
malware.
|
||
X
|
Identified by Sophos as a variant of the Mal/Zbot-I malware.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
Y
|
Userinit.exe is a program that is launched directly after a
user logs into Windows. This program restores your profile, fonts, colors,
etc. for your username. This startup is a required and important system file
for Windows.
|
||
X
|
|||
X
|
|||
X
|
Identified as a variant of the TR/Downloader.Gen Trojan.
|
||
X
|
Identified as a variant of the Worm.IM.Sohanad worm.
|
||
X
|
|||
X
|
Identified as a variant of the PWS-Zbot malware.
|
||
X
|
Added by the VBS/AutoRun-KG removable media worm. Please note that Wscript.exe is a
legitimate file and should not be removed.
|
||
X
|
Added by the VBS/Autorun-JP removable media worm. Do not delete
C:\Windows\System32\wscript.exe as it is a legitimate program.
|
||
X
|
|||
X
|
|||
X
|
Identified as a variant of the Trojan-Banker.Win32.Banker.rqk
malware.
|
||
X
|
Identified as a variant of the Trojan Torpig-G malware.
|
||
X
|
Identified as a variant of the TR/Proxy.Gen malware.
|
||
X
|
|||
X
|
Added by the W32/Autorun-EL removable media worm. Please note that
C:\Windows\System32\wscript.exe is a legitimate file and should not be
deleted.
|
||
X
|
Identified as a variant of the Troj/FakeAle-BI malware.
|
||
X
|
|||
X
|
Identified as a variant of the Backdoor:Win32/Tofsee.F malware.
|
||
X
|
|||
X
|
|||
X
|
Added by the W32/Isetspy-C worm. C:\Windows\System32\wscript.exe should not be deleted as
it is a legitimate file.
|
||
X
|
A variant of the Troj/Nymod-A malware.
|
||
X
|
|||
X
|
Identified as a variant of the Troj/SpyAgent-H malware.
|
||
X
|
Identified as a variant of the Troj/Agent-GRP malware.
|
||
X
|
|||
X
|
Identified as a variant of the Adware/Netproject malware.
|
||
X
|
Identified as a variant of the Adware/Netproject malware.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
Added by the VBS.Autill worm. Do not delete C:\Windows\System32\wscript.exe as it is a
legitimate file.
|
||
X
|
|||
X
|
Identified as a variant of the Trojan.FakeAlert malware. This
malware will issue fake alerts on your computer stating you have security
problems and advertising rogue programs that can supposedly fix them.
|
X
|
|||
X
|
Identified as part of the Adware/UltimateCleaner rogue
anti-spyware program.
|
||
X
|
|||
X
|
Identified by Kaspersky Antivirus as a variant of the
Virus.Win32.AutoRun.abt removable device worm.
|
||
X
|
Identified by Kaspersky antivirus as a variant of the Trojan-Dropper.Win32.Agent.dgo
malware.
|
||
?
|
Desktop Printer Driver from Microsoft. Anyone know what it does?
|
||
X
|
|||
?
|
Identified as either related to the Vundo Trojan or a variant of
the TROJAN.AGENT.GEN malware.
|
||
X
|
Identified as a variant of the Win32/SpamTool.Agent.NAJ malware.
|
||
X
|
Identified as a variant of the Win32/SpamTool.Agent.NAJ malware.
|
||
X
|
|||
X
|
Browser Hijacker. Please note that
C:\Windows\System32\wscript.exe is a legitimate program and should not be
removed.
|
||
X
|
|||
X
|
Added by the W32.Vapka.A worm. W32.Vapka.A is a worm that spreads by copying itself to
removable media and steals confidential information.
|
||
X
|
|||
X
|
Added by the W32.Roty.B@mm worm. W32.Roty.B@mm is a mass-mailing worm that also copies
itself to shared folders and mapped network drives.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
Fakealert Trojan which shows fake security alerts on your
computer.
|
||
X
|
Added by the W32.Iretsim worm. W32.Iretsim is a worm that spreads by copying itself to
removable drives. It also attempts to end security-related processes on the
compromised computer.
|
||
X
|
Added by the W32.Yahack.A worm. W32.Yahack.A is a worm that spreads through mapped drives.
It logs keystrokes, gathers system information, and steals Yahoo! Messenger
passwords.
|
||
X
|
Added by the W32.Debanpass worm. W32.Debanpass is a worm that copies itself to all drives.
It steals confidential information and account details when users connect to
a bank Web site.
|
||
X
|
Added by the W32.Snaban worm. W32.Snaban is a worm that spreads by copying itself to
removable drives and network drives on the compromised computer. It also
steals confidential information by logging keystrokes.
|
||
X
|
Added by the TSPY_ONLINEG.GJQ spyware. This spyware steals sensitive information, such as user
names and passwords, related to the game, World of Warcraft.
|
||
X
|
Unidentified malware.
|
||
X
|
Unidentified malware.
|
||
X
|
Unidentified malware.
|
||
X
|
Unidentified malware.
|
||
X
|
Unidentified malware.
|
||
X
|
Unidentified malware.
|
||
X
|
|||
X
|
Identified as a variant of the Trojan.Spambot.2424 malware.
|
||
X
|
Added by the VBS/Capiz-A worm. You can also delete the C:\Windows\System32\imgkulot.reg
and C:\Windows\System32\imgkulot.vbs files that are associated with this infection.
|
||
X
|
Identified as the Trojan-Notifier.Win32.Small.i malware.
|
||
X
|
Malware related to and installed with different rogue
anti-spyware programs including WinAntiSpyware 2006 or WinAntiSpyware 2007.
This Trojan is responsible for the fake security alerts being displayed in
your Windows taskbar.
|
||
X
|
|||
X
|
|||
X
|
Identified as Trojan-Downloader.Win32.Small.ewt.
|
||
X
|
|||
X
|
|||
X
|
Added by the W32.Lecivio worm. W32.Lecivio is a worm that spreads by copying itself to
all mapped drives on the compromised computer. It also downloads potentially
malicious files on to the compromised computer.
|
||
X
|
Added by the W32.Pahatia.B worm. W32.Pahatia.B is a worm that spreads through mapped network
drives and attempts to restart the computer if certain processes are running.
|
||
X
|
|||
X
|
Added by the W32.Slurk.A worm. W32.Slurk.A is a worm that copies itself to all removable
and shared drives, and drops other threats on to the compromised computer.
|
||
X
|
Added by the W32.Odelud worm. W32.Odelud is a worm that spreads via network shares and
removable media and may infect executable files.
|
||
X
|
|||
X
|
Identified as Backdoor.IRC.Zapchast.
|
||
X
|
|||
X
|
|||
X
|
Identified as the Trojan.PWS.Zassan password-stealing Trojan.
|
||
X
|
|||
X
|
|||
X
|
Added by the WORM_SOHANAD.AM worm. This infection also downloads two files called YMWorm.exe
and worm2007.exe. Once downloaded, it launches the C:\Windows\System\YMWorm.exe
and C:\Windows\System\worm2007.exe programs.
This infection should not be confused with the legitimate C:\Windows\System32\lsass.exe file.
|
||
X
|
|||
X
|
Added by the W32/Rungbu-E virus. W32/Rungbu-E searches for files with a DOC extension and
appends them to itself. It then deletes the original file, and copies itself
to the same name but with an EXE extension.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
Added by the W32.Solow worm. W32.Solow is a worm that attempts to spread via removable storage
drives and copies itself as exe files with various names.
|
||
X
|
Added by the Troj/Hacksaw-A Trojan. Troj/Hacksaw-A infects a system when a U3 USB drive
loaded with it is connected to a compatible system.
|
||
X
|
Added by the VBS.Runauto worm. VBS.Runauto is a Visual Basic script worm that copies
itself in the root folder of all drives (including removable devices) except
floppy drives.
|
||
X
|
|||
X
|
Added by the W32.Takeobel worm. W32.Takeobel is a worm that copies itself to mapped
network drives. It also adds an .ln3 extension to any .doc files that it
finds on the compromised computer.
|
||
X
|
|||
X
|
|||
X
|
Added by the TSPY_WOWCRAFT.BL information-stealing Trojan for the online game World of
Warcraft.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
Added by the W32/Brontok-CJ worm. It is important to note that there may be a legitimate
C:\Autoexec.bat. This file uses the number zero instead of the letter O.
|
||
X
|
Added by the W32.Falgna worm. W32.Falgna is a worm that steals system information and
opens a back door on the compromised computer allowing a remote attacker to
have unauthorized access.
|
||
X
|
Added by the W32.Falgna worm. W32.Falgna is a worm that steals system information and
opens a back door on the compromised computer allowing a remote attacker to
have unauthorized access.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
Added by the Troj/Agent-DQT Trojan. This infection should not be confused with the
legitimate C:\Windows\explorer.exe file.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
Added by the W32/Todnab-A worm. This infection should not be confused with the legitimate
C:\Windows\System32\lsass.exe file.
|
||
X
|
Added by the W32/Todnab-A worm. This infection should not be confused with the legitimate
C:\Windows\System32\lsass.exe file.
|
||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
|||
X
|
Added by the Troj/Banker-DIO Internet banking Trojan. When selected
banking websites are accessed, the Trojan will monitor user activity and send
the stolen details to remote email addresses.
|
||
X
|
Added by the Troj/Goldun-DS Trojan.
Troj/Goldun-DS monitors browser activity in an attempt to steal passwords
when users browse to certain websites, including www.e-gold.com. The Trojan
may attempt to modify browser settings in order to force users to re-type
passwords.
|
||
X
|
Added by the Troj/Enfal-A Trojan.
|
||
X
|
Added by the Troj/Paproxy-C Trojan.
|
||
X
|
Added by the Spyware.Mom spyware.
|
||
U
|
Added by the Spyware.NetMama surveillance software. This program
should be uninstalled if it was not installed by yourself.
|
||
X
|
Added by the Troj/Sharp-R backdoor
Trojan.
|
||
X
|
Added by the Troj/PPdoor-AT backdoor
Trojan.
|
||
X
|
Added by the Troj/Prosti-BU backdoor Trojan.
|
||
X
|
Added by the W32/Looked-A EXE virus.
|
||
X
|
Added by the W32/Brontok-AK mass-mailing worm.
|
||
X
|
Added by the W32/Rbot-DPG worm
and IRC backdoor.
|
||
X
|
Added by the Troj/Prosti-BL backdoor Trojan. Explorer.exe is not
part of this infection and should not be removed.
|
||
X
|
Added by the Troj/Small-BNQ backdoor Trojan.
|
||
X
|
Added by the W32/Cablenet-A worm.
|
||
X
|
Added by the Troj/PPdoor-AR backdoor Trojan.
|
||
X
|
Added by the Troj/Zagaban-E Trojan.
|
||
X
|
Added by the Troj/PPdoor-AQ Trojan.
|
||
X
|
Added by the Troj/DDoS-E Trojan.
|
||
X
|
Added by the W32/Brontok-R mass-mailing
worm.
|
||
X
|
Added by the Troj/Agent-ADU password-stealing Trojan.
|
||
X
|
Added by the Troj/Agent-AET password-stealing Trojan.
|
||
X
|
Added by the Troj/PPdoor-AP backdoor Trojan.
|
||
X
|
Added by the Troj/Lineage-FU password-stealing Trojan for the
online game Lineage.
|
||
X
|
Added by the Troj/Fusion-B keylogging backdoor Trojan.
|
||
X
|
Added by the Troj/Fusion-B keylogging backdoor Trojan.
|
||
X
|
Added by the W32/Brontok-N worm.
|
||
X
|
Added by the W32/Brontok-M worm.
|
||
X
|
Added by the W32/Brontok-K mass-mailing worm.
|
||
X
|
Added by the Backdoor.Dckane backdoor. This infection also
installs the file c:\windows\system32\kane.dll.
|
||
X
|
Added by the Troj/Lineage-CA password-stealing Trojan for the
online game Lineage.
|
||
X
|
Added by the W32/Spybot-EM worm and IRC backdoor.
|
||
X
|
Added by the Troj/PPdoor-Q backdoor Trojan. This infection may
also create the files C:\Windows\System32\dpnetmsg.exe,
C:\Windows\System32\iueninet.dll, C:\Windows\System32\fsmgntfs.dll, C:\Windows\System32\ntmapast.dll,
C:\Windows\System32\ir50psrv.exe, C:\Windows\System32\kbd1uery.dll,
C:\Windows\System32\lfyockaa.dll, C:\Windows\System32\a15svcs.exe,
C:\Windows\System32\dpnmdlib.exe, C:\Windows\System32\c_28usic.dll,
C:\Windows\System32\atiysnpn.dll, C:\Windows\System32\treemqoa.dll,
C:\Windows\System32\arptutdn.dll, C:\Windows\System32\eulapart.dll,
C:\Windows\System32\smlo8thk.exe, C:\Windows\System32\odbcfwci.ime,
C:\Windows\System32\hgakheg.dll, C:\Windows\System32\jkwbhew.dll, and C:\Windows\System32\testtest.exe.
|
||
X
|
Added by the W32/Spybot-EN worm.
|
||
X
|
Added by the W32/Protorid-AF worm and IRC backdoor.
|
||
X
|
Added by the Troj/Lineage-BW password-stealing Trojan for the
online game Lineage.
|
||
X
|
Added by the W32/Blaster-M worm.
|
||
X
|
Added by the Troj/Prosti-Q Trojan.
|
||
X
|
Added by the Troj/LegMir-BW Trojan.
|
||
X
|
Added by the Troj/Bravo-C Trojan.
|
||
X
|
Added by the Troj/Agent-PL backdoor Trojan.
|
||
X
|
Added by the PE_THEALS.A file infector. This infection also
utilizes rootkit technology.
|
||
X
|
Added by the Troj/Detest-A Trojan.
|
||
X
|
Added by the Troj/Agent-FD Trojan. This infection also creates
the files c:\windows\system32\Filesys.ini and
c:\windows\system32\ntfilesys.ini.
|
||
X
|
Added by the Troj/Lineage-OJ password-stealing Trojan.
|
||
X
|
Added by the W32/Spybot-ED worm. When started, this infection
connects to a remote IRC server where it waits for commands to execute.
|
||
X
|
Added by the Troj/DBdoor-A backdoor Trojan. This infection also
creates the files c:\windows\inf\3EQ2_w.inf,
c:\windows\system32\drivers\d6iXjEe.sys, c:\windows\system32\libeay32.dll,
c:\windows\system32\ssleay32.dll, and c:\windows\system32\Systen.dll.
|
||
X
|
Added by the Backdoor.Zagaban backdoor Trojan.
|
||
X
|
Added by the Troj/LegMir-BG keylogger Trojan. It also creates the
file CQQ_Fileqq_dll.dll.
|
||
X
|
Added by the Troj/Legmir-BD information-stealing Trojan for the
online game Legend of Mir.
|
||
X
|
Added by the Troj/Lineage-BA password-stealing Trojan for the
online game Lineage.
|
||
X
|
Added by the W32/Korbo-A worm
and backdoor Trojan.
|
||
X
|
Added by the W32/Mytob-FT mass-mailing worm and IRC backdoor.
|
||
X
|
Added by the W32/Bagle-AK worm.
|
||
X
|
Added by the Troj/Lineage-AS Trojan.
|
||
X
|
Added by the Troj/Sharp-J Trojan.
|
||
X
|
Added by the Troj/GWGhost-R information stealing Trojan.
|
||
X
|
Added by the Troj/Proxy-GG proxy Trojan.
|
||
X
|
Added by the Troj/Proxy-GG proxy Trojan.
|
||
X
|
Added by the Troj/Heles-B keylogger Trojan.
|
||
X
|
Added by the VBS_GEDZA.A worm.
|
||
X
|
Added by the Troj/Lineage-AN password-stealing Trojan for the
online game Lineage.
|
||
X
|
Added by the Troj/LegMir-AU Trojan.
|
||
X
|
Added by the Troj/StartPa-HC Trojan.
|
||
X
|
Added by the W32/Rirc-E worm
and IRC backdoor.
|
||
X
|
Added by the Troj/GWGhost-N Trojan.
|
||
X
|
Added by the Backdoor.Augudor backdoor.
|
||
X
|
Added by the Backdoor.Samkams backdoor Trojan.
|
||
X
|
Added by the Troj/Pcik-A trojan.
|
||
X
|
Added by the Troj/Celine-A backdoor trojan.
|
||
X
|
Added by the W32/Oscabot-K worm and IRC backdoor.
|
||
X
|
Added by the Troj/Lineage-AB trojan.
|
||
X
|
Added by the W32/Rbot-BSH worm. When started, this infection
connects to a remote IRC server where it waits for commands to execute.
|
||
X
|
Added by the W32/Rbot-BSG worm. When started, this infection
connects to a remote IRC server where it waits for commands to execute.
|
||
X
|
Added by the Troj/Chorus-A browser hijacker.
|
||
X
|
Added by the Troj/Chorus-A browser hijacker.
|
||
X
|
Added by the W32/Rbot-BAA worm.
|
||
X
|
Added by the W32/Sdbot-ZP worm. When started, this infection
connects to a remote IRC server where it waits for commands to execute.
|
||
X
|
Added by the W32/Rbot-AFJ worm. When started, this infection
connects to a remote IRC server and waits for commands to execute.
|
||
X
|
Added by the Ssearch.biz and a-search.biz hijackers.
|
||
X
|
Added by the Troj/CmjSpy-U keylogger.
|
||
Y
|
Added by Curtains for Windows. Removing this file WILL cause your computer to
have problems starting. You should contact Authentium for the proper removal
procedure. It is unknown what function it plays in this program.
|
||
X
|
Added by the W32/Oscabot-D worm. When started, this infection
connects to an IRC server where it waits for remote commands to execute.
|
||
X
|
Added by the Troj/Leodon-B trojan downloader.
|
||
X
|
Added by the W32/Rirc-D worm.
|
||
X
|
Added by Backdoor.RemoteSOB.
|
||
X
|
Added by the Troj/Sharp-G backdoor trojan.
|
||
X
|
Added by the W32/Kelvir-I instant messaging worm.
|
||
X
|
Added by the Troj/Agent-CG backdoor.
|
||
X
|
Added by the W32/Rbot-WG worm.
When started this infection connects to a remote IRC server where it waits
for commands to execute. These infections also log keystrokes, so if you are
infected you should change all your passwords.
|
||
X
|
Added by Troj/PPdoor-F.
It also uses the name Client Agent when changing the registry Run key to enable
auto-starting at logon.
|
||
X
|
Added by the Troj/LegMir-W infection.
|
||
X
|
Added by the Troj/Bdoor-GP backdoor trojan.
|
||
X
|
Added by the Troj/Bancban-BW password-stealing
trojan. This trojan affects users of Brazilian banks.
|
||
X
|
Added by the Troj/Dloader-JT or Troj/Dlsw-B trojan
downloaders.
|
||
X
|
Added by the W32/Rbot-YE IRC
backdoor trojan.
|
||
X
|
Added by the W32/Rbot-YC network
worm/backdoor.
|
||
X
|
Added by the W32/Tex-A mass-mailing
worm.
|
||
X
|
This infection is an Abetterinternet adware variant. It is
notoriously difficult to remove and is usually bundled with other malware
that is hard to remove as well. One method that we have found that is able
to remove this infection and the other malware bundled with it is
the ewido security suite, which you can download and try for free.
|
||
X
|
Added by Backdoor.Armageddon.B
|
||
X
|
w32rbotxe drops
a TROJAN, creating several files in %Program Files%, %Windir%, and %system%
in addition to this file.
|
||
X
|
Added by the W32/Cissi-F WORM.
The system.ini field {boot} will be modified and remote access made
available to an attacker(s) using an IRC channel(s).
|
||
X
|
Added by the W32.Dumaru.Y@mm Worm!
It is a mass-mailing worm with backdoor and keylogging capabilities.
|
||
X
|
This dumaru variant
attempts to terminate antivirus programs so that it remains undetected. It is
a mass-mailing worm with backdoor and keylogging capabilities.
|
||
X
|
A WORM/backdoor, W32/Kipis-J,
opens notepad.exe, copies itself to the Windows folder as regedit.com and
installs to its newly created folder. A variety of anti-virus and security
related processes may be terminated and a backdoor opened on port TCP/9413.
|
||
X
|
Added by Troj/Small-EH, which
also installs RSHELL32.DLL; both are hidden in the Windows system folder.
Once run, the DLL may modify a system component to penetrate a firewall and
provide a new remote shell which can be exploited.
|
||
X
|
Added by a variant of the LOVGATE WORM!
|
||
X
|
Added by the W32.Atak.B@mm mass-mailing worm that uses its own
SMTP engine to send its messages to the email addresses it gathers from
certain files on a compromised computer.
|
||
X
|
Added by the CIADOOR.B TROJAN!
|
||
Y
|
Required to prevent configuration errors on a Compaq LBP-660
parallel port laser printer (and maybe others)
|
||
?
|
Could it be something to do with configuring Windows on a new PC
from an OEM supplier?
|