W32/Protux.GK!tr - Released Oct 07, 2009 - Last Updated Oct 08, 2009
Aliases: Backdoor.Win32.Protux.gk (KAV)
Visible Symptoms
- The following file exists:
- Possible firewall alert that an executable is attempting to connect to the internet.
Detailed Analysis
This trojan opens a backdoor through which a remote attacker can gain full control of the infected computer. It allows the attacker to connect to the user's PC and perform malicious activities, compromising the infected user's information and data.
Technical Details
- The following file is created:
- The following registry entry is created:
- HKEY_LOCAL_MACHINE\SYSTEM\NOD32Leading
- The following registry entry is modified:
- HKEY_LOCAL_MACHINE\SYSTEM\NOD32Leading\lanmanworkstation\parameters\servicedll = %System%\workstation.dll
- The following is the IP address that it connects to, as well as the port that it uses:
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.