Discovered: June 16, 2008
Updated: June 17, 2008 4:52:48 AM
Type: Trojan
Infection Length: 139,264 bytes (.exe file); 65,024 bytes (.dll file)
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

When the Trojan executes, it copies itself as the following files:
%System%\sendmsg.dl_
%System%\sendmsg.dll

It then modifies the following files so that it runs when the files are executed:
%Windir%\explorer.exe
%System%\conime.exe
%System%\ctfmon.exe
%System%\dllcache\conime.exe
%System%\dllcache\ctfmon.exe
%System%\dllcache\explorer.exe

It saves the original files as the following files:
%Windir%\KB834213.log (a copy of the original %Windir%\explorer.exe file)
%System%\c_68524.nls (a copy of the original %System%\ctfmon.exe file)
%System%\c_68525.nls (a copy of the original %System%\conime.exe file)

The Trojan then opens a back door and attempts to connect to the following URL: ryy.shecalla.com:80
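
A triage check for the file indicators listed above, as an added example that is not part of the original write-up: it looks under a Windows directory (on a live system or a mounted disk image) for the Trojan's copies and for the backup copies that mark a modified system file. It assumes %System% is the System32 folder under %Windir%; the function names are illustrative.

```python
import os
import sys
from pathlib import Path

# Indicators from the write-up; %System% is assumed to be %Windir%\System32.
DROPPED = [r"%System%\sendmsg.dl_", r"%System%\sendmsg.dll"]
BACKUPS = {  # backup copy -> system file the Trojan modified
    r"%Windir%\KB834213.log": r"%Windir%\explorer.exe",
    r"%System%\c_68524.nls": r"%System%\ctfmon.exe",
    r"%System%\c_68525.nls": r"%System%\conime.exe",
}

def locate(windir, indicator):
    """Resolve an indicator under windir, matching names case-insensitively."""
    rel = indicator.replace("%System%", r"%Windir%\System32").replace("%Windir%\\", "")
    current = Path(windir)
    for part in rel.split("\\"):
        if not current.is_dir():
            return None
        matches = [p for p in current.iterdir() if p.name.lower() == part.lower()]
        if not matches:
            return None
        current = matches[0]
    return current if current.is_file() else None

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    with open(path, "rb") as handle:
        return handle.read(2) == b"MZ"

def triage(windir):
    """Return (Trojan copies found, {modified system file: backup holding the original})."""
    dropped = [str(p) for p in (locate(windir, i) for i in DROPPED) if p]
    modified = {}
    for backup, original in BACKUPS.items():
        found = locate(windir, backup)
        # A .log/.nls file that is really an executable matches the saved originals.
        if found and is_pe(found):
            modified[original] = str(found)
    return dropped, modified

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("WINDIR", r"C:\Windows")
    dropped, modified = triage(root)
    for path in dropped:
        print("Trojan copy:", path)
    for original, backup in modified.items():
        print(f"{original} was modified; original saved as {backup}")
    sys.exit(1 if dropped or modified else 0)
```

Pass the Windows directory of a mounted image as the first argument; the exit status is 1 when any indicator is found.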