W32/Backdoor.ds

Type: Worm
Size: 49152 Byte
System Affected: Windows 2000,XP,NT,....
Others Known As:

Worm.Win32.VB.el (Kaspersky) W32/Backdoor.VXI (F-Prot)

Characteristics :

1) Creates the following registry keys :


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.2 = %system%\msime80.exe


◊ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsServer = %system%\msfir80.exe


2) Create the following files :

◊ %System%\msime80.exe
◊ %System%\msfir80.exe
◊ %System%\algssl.exe
◊ [All Drive]\Autorun.inf
◊ [Removable Files]\Autorun.inf
◊ [Removable Files]\sal.xls.exe

Copyright © 1994-2008 Imen Computer Virology Laboratory I.C.V.L .
All Rights Reserved .
Mehran Rayaneh Engineering Co.