Published by SSTA

-Trojan Downloader Small.dam: P1/P2

-Trojan Obfuscated.ev: P1/P2

-Trojan Spy Lmir.bgk: P1/P2

-Trojan Spy Mara.bo: P1/P2

-Trojan Spy Small.bs: P1/P2

Here again, system process naming is used: svchost is a generic process associated with many services (those who are not afraid of the French language1 can take a look at SVCHOST Informations, designed to list svchost services).
A simple way to distinguish the legitimate svchost.exe from a malicious process disguised as svchost.exe is to open Task Manager and look at the user name: all system processes are displayed under the System "account/privileges", and all others under an administrator/user account/privileges.

The "intruder":

The legitimate:

For power/advanced/experienced users, there is the Microsoft FCIV utility; for normal users we can also mention "sigverif.exe" (Run-Execute) and Programchecker, which is free (personal edition).
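The checks described above (the account name shown in Task Manager, then file verification with a tool such as FCIV or sigverif) can be scripted. The PowerShell below is an added example, not part of the original test; it assumes an elevated session, and the list of expected service accounts and the expected image path are assumptions of this example.

```powershell
# Added example: list every running svchost.exe with owner, image path,
# signature status and hash. Run elevated; otherwise owner/path may be empty.
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Assumption of this example: accounts a genuine svchost.exe usually runs under.
# Recent Windows versions also run per-user services in svchost.exe under the
# logged-on user, so the account alone is a hint, not a verdict.
$serviceAccounts = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'

$report = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        # GetOwner can fail for protected processes; keep the row and leave User empty.
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        $user  = if ($owner -and $owner.ReturnValue -eq 0) { $owner.User } else { $null }
        $path  = $_.ExecutablePath
        $sig   = $null
        $hash  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            # Signature status and a hash to compare against a known-good copy.
            $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            ProcessId      = $_.ProcessId
            ParentId       = $_.ParentProcessId
            User           = $user
            ServiceAccount = ($user -in $serviceAccounts)
            Path           = $path
            ExpectedPath   = ($path -eq $expectedPath)
            Signature      = $sig
            SHA256         = $hash
        }
    }

# Rows that fail the path check or the account check sort first for review.
$report | Sort-Object ExpectedPath, ServiceAccount | Format-Table -AutoSize
```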

-Trojan Agent.dt: P1/P2

-Trojan Start Page.ama: P1/P2

-Wxhshell backdoor: P1/P2

As shown, this test was done on a host that was not particularly hardened:

-Backdoor Arape.a: F1/P2

F1: we did not use a Run key when configuring the server (server editor), and the backdoor just tries to open a connection:

-Backdoor Agent.po: P1/P2

-Backdoor Gobot.y: F1/P2

Fake system error message box:

But the first goal of a backdoor is to look outside:

-DSKlite trojan: P1/P2

We build the server file and rename it "HotGirl" (three examples for adults only here: enter the "wash" command, enjoy, and come back here please or... we'll phone your mum...).

1. Tony Blair is not afraid of the French accent...

Published in KASPERSKY 6 TEST
