|
We found a "new" trojan on one of our machines. It's only use appears to be in DoS attacks. The characteristics are listed below. Even though we've submitted it to a couple of the AV sites, experience says they probably won't do much. Neither Norton nor Trend will pick this up at this time. It creates an IRC link similiar to the goner worm. Robert Futur@ ISP
File size: 96k known filenames: server.exe, comcfg.exe, SYSTEM.exe Trojan will add SYSTEM.exe to your shell= line in system.ini, and copy itself to C:\windows\comcfg.exe and C:\windows\SYSTEM.exe. You may find the registry entries here: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run-\ |
