McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

This threat is detected as New Backdoor with the 4100 DATs (or newer) when scanning with program heuristics enabled.

This is a password-stealer and IRC bot trojan. It does not "install" itself on the system (saves copies, or configure itself to run at system startup).

The trojan attempts to gather cached Windows, RAS, and Webmoney password and act as a proxy server. When run, it checks for an active Internet connection by attempting to access WWW.GOOGLE.COM. If a connection is present, the trojan will connect to an IRC channel and wait for commands. Commands include, downloading of files, joining IRC channels, sending messages and PINGs.

Symptoms

The trojan listens on port 1778.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

This threat is detected as New Backdoor with the 4100 DATs (or newer) when scanning with program heuristics enabled.

This is a password-stealer and IRC bot trojan. It does not "install" itself on the system (saves copies, or configure itself to run at system startup).

The trojan attempts to gather cached Windows, RAS, and Webmoney password and act as a proxy server. When run, it checks for an active Internet connection by attempting to access WWW.GOOGLE.COM. If a connection is present, the trojan will connect to an IRC channel and wait for commands. Commands include, downloading of files, joining IRC channels, sending messages and PINGs.

Symptoms

Symptoms -

The trojan listens on port 1778.

Method of Infection

Method of Infection -

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A