Backdoor trojan [Virus updates]


caleb_yee
23-08-03, 15:13
Backdoor.Zebroxy is a Trojan Horse that opens port 8173 and runs as a proxy server under Windows 2000/XP. Backdoor.Zebroxy is written in Microsoft Visual C++ and is packed with Yoda version 1.2.

Every Windows OS is vulnerable to the attack.... this is what it does...
When Backdoor.Zebroxy is run, it does the following:

Adds the string value:

"Microsoft Windows Kernel Services"="%System%\winkrnl386.exe"

to the registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

so that the Trojan runs when you start Windows.

Modifies the string value:

"EnableDCOM"="N"

to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

so that remote connections using DCOM are disabled.

Opens TCP port 8173 and runs as a proxy server.

Now, that is pretty damaging there..

Removal instructions.... here.
Update the virus definitions.
Restart the computer in Safe mode.
Run a full system scan and delete all the files detected as Backdoor.Zebroxy.
Delete the value that was added to the registry.

Easy as ABC....take care now..
Removal details: Virus Removal Details (http://www.tombraiderforums.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=9;t=003986)
Alright, I am done here.... hope you all are prepared and aware. Pretty tired now..
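
The indicators listed in the post above (the Run value, the EnableDCOM change and the listener on TCP 8173) can be checked against a regedit text export and `netstat -an` output. The following Python check is an added example, not part of the original post; the function names and sample inputs are constructed for illustration, and the `C:\WINDOWS\System32` path is an assumed expansion of `%System%`.

```python
import re

# Indicators as listed in the post above.
RUN_NAME, RUN_FILE, PORT = "Microsoft Windows Kernel Services", "winkrnl386.exe", "8173"
RUN_KEYS = tuple(h + r"\software\microsoft\windows\currentversion\run"
                 for h in ("hkey_local_machine", "hkey_current_user"))
OLE_KEY = r"hkey_local_machine\software\microsoft\ole"
PAIR = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="string data"

def parse_reg(text):
    """Yield (key, name, data) for string values in regedit export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key names are case-insensitive
        elif key and (m := PAIR.match(line)):
            # .reg exports escape backslashes and quotes with a backslash
            yield (key, *(re.sub(r"\\(.)", r"\1", g) for g in m.groups()))

def check_registry(text):
    findings = []
    for key, name, data in parse_reg(text):
        if key in RUN_KEYS and (name == RUN_NAME or data.lower().endswith(RUN_FILE)):
            findings.append(f"autorun [{key}] {name} -> {data}")
        elif key == OLE_KEY and name.lower() == "enabledcom" and data.upper() == "N":
            findings.append("EnableDCOM=N (remote DCOM connections disabled)")
    return findings

def check_netstat(text):
    """Return `netstat -an` lines that show a TCP listener on port 8173."""
    hits = []
    for line in text.splitlines():
        f = line.split()
        if (len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING"
                and f[1].rsplit(":", 1)[-1] == PORT):
            hits.append(line.strip())
    return hits

# Constructed sample inputs, not captured from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Kernel Services"="C:\\WINDOWS\\System32\\winkrnl386.exe"
"SomeUpdater"="C:\\Program Files\\Updater\\upd.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Ole]
"EnableDCOM"="N"
'''
SAMPLE_NETSTAT = """  TCP    0.0.0.0:135    0.0.0.0:0    LISTENING
  TCP    0.0.0.0:8173   0.0.0.0:0    LISTENING
  TCP    10.0.0.5:1042  10.0.0.9:8173  ESTABLISHED"""
```

Files exported by regedit in "Version 5.00" format are UTF-16 encoded, so decode them before passing the text to `check_registry`.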

caleb_yee
23-08-03, 15:39
Oh BTW
I went out today to Mid Valley Megamall, one of the biggest shopping malls in Asia.... Well, it's in Malaysia of course...
I bought the Lara action figure from the Cradle of Life movie..
I bought one last Tuesday.... the wetsuit.... now I bought the original one...
It was selling so fast.. that the wetsuit Lara has sold out... lucky me... lucky me, I am darn happy