W32/Prorat.g

Type: Worm
Size: 350764 bytes
System Affected: Windows 2000, XP, NT, ...
Also Known As:

Backdoor.Win32.Prorat.19.i (Kaspersky), W32/Prorat.AK@bd (F-Prot)

Characteristics:

1) Creates the following registry keys:


◊ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = Explorer.exe %system%\fservice.exe


◊ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\DirectX For Microsoft® Windows = %system%\fservice.exe


2) Creates the following files:

◊ %system%\fservice.exe
◊ %WINDOWS%\system\sservice.exe
◊ %WINDOWS%\services.exe
◊ %System%\winkey.dll
◊ %System%\reginv.dll
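
A host check for the registry values and files listed above, as an added example that is not part of the original write-up. It assumes `%system%` means the System32 directory and `%WINDOWS%` the Windows directory, and should be run from an elevated 64-bit PowerShell session.

```powershell
# Added example: looks for the indicators listed in this write-up on the local host.
# Assumption: %system% = System32 directory, %WINDOWS% = Windows directory.
$sys = [Environment]::SystemDirectory      # e.g. C:\Windows\System32
$win = $env:windir                         # e.g. C:\Windows
$findings = @()

# 1) Winlogon Shell: the clean default is "explorer.exe" on its own; the
#    write-up shows fservice.exe appended after it.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -notmatch '^explorer\.exe$') {
    $findings += "Winlogon Shell is non-default: $shell"
}

# 2) policies\explorer\run: report any value whose data points at fservice.exe
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run'
if (Test-Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match 'fservice\.exe') {
            $findings += "Run policy value '$name' = $data"
        }
    }
}

# 3) Files listed in the write-up. The legitimate services.exe lives in
#    System32, so a services.exe directly under the Windows directory is
#    the anomaly to look for.
$paths = @(
    (Join-Path $sys 'fservice.exe'),
    (Join-Path $win 'system\sservice.exe'),
    (Join-Path $win 'services.exe'),
    (Join-Path $sys 'winkey.dll'),
    (Join-Path $sys 'reginv.dll')
)
foreach ($p in $paths) {
    # -Force so files with hidden/system attributes are found too
    $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($f) { $findings += "File present: $($f.FullName) ($($f.Length) bytes)" }
}

if ($findings) { $findings } else { 'No indicators from this write-up found.' }
```

A 32-bit PowerShell process on 64-bit Windows is redirected to SysWOW64 and the 32-bit registry view, which is why the 64-bit session is assumed.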


Copyright © 1994-2008 Imen Computer Virology Laboratory I.C.V.L.
All Rights Reserved.
Mehran Rayaneh Engineering Co.