McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

This is a 32bit Intel-based version of a previously published as source code Denial of Service (DDoS) attack program. This compilation of the trojan when run on a system, will load from the registry at this key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run=service.exe

This file will run as a service at Windows startup, listening for commands on a pre-designated UDP port.

Symptoms

Registry modification as mentioned above, existence of the file "SERVICE.EXE" as mentioned above. High likelihood of an accompanying backdoor (trojan) program also running/residing on the same machine.

Method of Infection

Running this trojan will directly install to the local system and load at next Windows startup.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

This is a 32bit Intel-based version of a previously published as source code Denial of Service (DDoS) attack program. This compilation of the trojan when run on a system, will load from the registry at this key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run=service.exe

This file will run as a service at Windows startup, listening for commands on a pre-designated UDP port.

Symptoms

Symptoms -

Registry modification as mentioned above, existence of the file "SERVICE.EXE" as mentioned above. High likelihood of an accompanying backdoor (trojan) program also running/residing on the same machine.

Method of Infection

Method of Infection -

Running this trojan will directly install to the local system and load at next Windows startup.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

N/A