M73A
Veteran Member
Posts: 3213 Reputation: 37
Joined: Jul 2004
O.P. RE: Are These Genuine System Files?
shredding time
found this
quote: Originally posted by sophos website
This section is for technical experts who want to know more.
Troj/Bdoor-YP is a Trojan for the Windows platform.
When first run Troj/Bdoor-YP copies itself to <System>\vssms32.exe and
creates the following files:
<Windows>\hkr32.asm
<System>\ldapi32.exe
<System>\ntcvx32.dll
<System>\ntswrl32.dll
The following registry entry is created to run vssms32.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vssms32
<System>\vssms32.exe
The following registry entries are set, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
<Windows>\System32
vssms32.exe
<System>\vssms32.exe:*:Enablednode
Registry entries are created under:
HKCU\Software\
Troj/Bdoor-YP also attempts to install the Trojans Troj/Mpass-B and
Troj/LdPinch-IP.
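
A read-only check for the file and registry artifacts listed in the quoted description, added here as an example; it is not part of the original post or of Sophos's write-up. It assumes `<Windows>` maps to `$env:SystemRoot` and `<System>` to `$env:SystemRoot\System32`; the `$findings` record layout is this example's own.

```powershell
# Added example: reports the artifacts named in the quoted description; changes nothing.
# Assumption: <Windows> = $env:SystemRoot, <System> = $env:SystemRoot\System32.
$windows  = $env:SystemRoot
$system   = Join-Path $env:SystemRoot 'System32'
$findings = @()

# Files the description says are created on first run.
$files = @(
    (Join-Path $system  'vssms32.exe'),
    (Join-Path $windows 'hkr32.asm'),
    (Join-Path $system  'ldapi32.exe'),
    (Join-Path $system  'ntcvx32.dll'),
    (Join-Path $system  'ntswrl32.dll')
)
foreach ($f in $files) {
    # -Force so files with the hidden or system attribute are still returned.
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $f; Detail = "modified $($item.LastWriteTime)" }
    }
}

# Autostart value 'vssms32' under the HKLM Run key.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'vssms32' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunKey'; Location = "$runKey\vssms32"; Detail = $run.vssms32 }
}

# Firewall AuthorizedApplications list: any value whose name or data mentions vssms32.exe.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$fw = Get-Item -Path $fwKey -ErrorAction SilentlyContinue
if ($fw) {
    foreach ($name in $fw.GetValueNames()) {
        $data = [string]$fw.GetValue($name)
        if ($name -like '*vssms32.exe*' -or $data -like '*vssms32.exe*') {
            $findings += [pscustomobject]@{ Type = 'FirewallException'; Location = $name; Detail = $data }
        }
    }
}

if ($findings.Count -eq 0) { 'No artifacts from the description were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```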