Proxy-Hino
- Type: Trojan
- SubType: -
- Discovery Date: 10/23/2003
- Length: Varies
- Minimum DAT: 4300 (10/29/2003)
- Updated DAT: 4895 (11/14/2006)
- Minimum Engine: 5.1.00
- Description Added: 01/14/2004
- Description Modified: 01/14/2004 11:21 AM (PT)
Characteristics
This detection covers proxy trojans derived from the same basic source code, which is publicly available. These proxy trojans act as a middleman between a requesting system and a destination host. They are designed to listen on a specified TCP port for incoming requests. Those requests are then sent out from the infected system to the desired destination. The response from the destination server is rerouted back to the originating host by the proxy trojan.
This proxy allows a trojan author or distributor to use the infected system as a type of identity shield, so that they can navigate to different locations on the Internet without divulging who or where they really are.
Such proxies can be used to surf the web anonymously, hack systems, or relay spam.
This trojan is based on the source code for the Proxy-Daemonize application, and is also used by the Spy-Tofger trojan.
Symptoms
Vary. Common filenames of the trojan include SVCHOSTC.EXE and SVCHOSTS.EXE. However, the filenames can be something completely different as well.
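A triage check built on the two observable traits described above, a listening TCP port and an SVCHOST-style filename, given here as an added example that is not part of the original description. The netstat and tasklist samples are constructed, `scvhost.exe` is a made-up lookalike, and the 0.8 similarity threshold is an assumption; because the filename can be anything, this heuristic only catches the imitation case.

```python
import csv
import io
from difflib import SequenceMatcher

# Filenames given on this page, and the legitimate Windows name they imitate.
KNOWN_NAMES = {"svchostc.exe", "svchosts.exe"}
LEGIT = "svchost.exe"

# Constructed sample of `netstat -ano` output (not real data).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2044
  TCP    0.0.0.0:3128           0.0.0.0:0              LISTENING       2310
  TCP    10.0.0.5:1042          192.0.2.10:80          ESTABLISHED     1500
"""

# Constructed sample of `tasklist /fo csv /nh` output (not real data).
TASKLIST = '''\
"svchost.exe","912","Services","0","4,120 K"
"SVCHOSTS.EXE","2044","Console","0","1,980 K"
"scvhost.exe","2310","Console","0","2,004 K"
"iexplore.exe","1500","Console","0","18,300 K"
'''

def listeners(netstat_text):
    """Yield (local_address, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield f[1], int(f[4])

def images(tasklist_text):
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_text)) if r}  # PID -> image

def suspicious_listeners(netstat_text, tasklist_text):
    """Return listeners whose owning image is a listed name or an svchost.exe lookalike."""
    names = images(tasklist_text)
    hits = []
    for addr, pid in listeners(netstat_text):
        name = names.get(pid, "").lower()
        if name in KNOWN_NAMES:
            hits.append((addr, pid, name, "filename listed in this description"))
        elif name != LEGIT and SequenceMatcher(None, name, LEGIT).ratio() >= 0.8:
            hits.append((addr, pid, name, "svchost.exe lookalike"))
    return hits

if __name__ == "__main__":
    print(suspicious_listeners(NETSTAT, TASKLIST))
```

A hit is a lead for further inspection of the file, not a verdict; a process named exactly `svchost.exe` is not flagged here and would need a separate path check.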
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.
Removal
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).
Variants
- Proxy-Hino.dldr
Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.