-Trojan Downloader Small.dam: P1/P2

-Trojan Obfuscated.ev: P1/P2

-Trojan Spy Lmir.bgk: P1/P2

-Trojan Spy Mara.bo: P1/P2

-Trojan Spy Small.bs: P1/P2



Here again system process terminology is used: svchost is a generic host process associated with many services (those who are not afraid of the French language1 can take a look at SVCHOST Informations, a tool designed to list the services hosted by each svchost).
A simple way to distinguish the legitimate svchost.exe from a malicious process disguised as svchost.exe is to open Task Manager and look at the user name: all system processes are displayed under the System account/privileges, and all others under an administrator/user account/privileges.
The "intruder":

The legitimate:

For power/advanced/experienced users there is Microsoft's FCIV utility, and for normal users we can also mention "sigverif.exe" (Run, then execute) and Programchecker, which is free (personal edition).
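The Task Manager check above can be automated. The following PowerShell script is an added example, not code from the original post or from any of the tools it names: it enumerates every process called svchost.exe, resolves its owner and image path, checks the Authenticode signature, and prints a SHA-256 hash that can be compared against a known-good copy (the role FCIV plays in the post). The expected path and owner list are my assumptions; note that on current Windows versions the genuine svchost.exe also runs as LOCAL SERVICE and NETWORK SERVICE, so "owner is not SYSTEM" on its own is not a reliable verdict.

```powershell
# Added example (not from the original post): flag svchost.exe processes that do not
# look like the legitimate Windows service host.
# Assumptions (mine): the real binary lives in %SystemRoot%\System32 and runs under one
# of the three built-in service accounts listed below. Run from an elevated shell so
# that path and owner are readable for every process.

$expectedPath   = Join-Path $env:SystemRoot 'System32\svchost.exe'
$expectedOwners = @(
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\LOCAL SERVICE',
    'NT AUTHORITY\NETWORK SERVICE'
)

# Win32_Process exposes the image path and lets us ask for the owner via GetOwner().
$procs = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'"

foreach ($p in $procs) {
    $o     = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $owner = if ($o.ReturnValue -eq 0) { "$($o.Domain)\$($o.User)" } else { '<unknown>' }
    $path  = $p.ExecutablePath
    $hash  = $null

    $reasons = @()
    # 1. Image path: a look-alike dropped elsewhere (Windows\, Temp\, user profile) fails here.
    if ($path -and ($path -ne $expectedPath)) { $reasons += "path is $path" }
    # 2. Owner: the Task Manager "User name" column check from the post.
    if ($expectedOwners -notcontains $owner)  { $reasons += "owner is $owner" }
    # 3. Signature and hash: the real svchost.exe carries a valid Microsoft signature;
    #    the hash is printed so it can be compared with a trusted reference (FCIV-style).
    if ($path -and (Test-Path $path)) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $reasons += "signature status $($sig.Status)" }
        $hash = (Get-FileHash -Algorithm SHA256 -Path $path).Hash
    }

    [pscustomobject]@{
        PID     = $p.ProcessId
        Owner   = $owner
        Path    = $path
        SHA256  = $hash
        Verdict = if ($reasons.Count) { 'SUSPECT: ' + ($reasons -join '; ') } else { 'looks legitimate' }
    }
}
```

Pipe the output to `Format-Table -AutoSize` for a readable view. A process whose owner or path cannot be read from a non-elevated shell will be reported as suspect for the wrong reason, which is why the script should be run as administrator before trusting a verdict.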
-Trojan Agent.dt: P1/P2

-Trojan Start Page.ama: P1/P2

-Wxhshell backdoor: P1/P2

As displayed, this test was done on a host that was not particularly hardened:

-Backdoor Arape.a: F1/P2

F1: we did not use the Run key when configuring the server (server editor), so the backdoor only tries to open a connection:

-Backdoor Agent.po: P1/P2



-Backdoor Gobot.y: F1/P2

Fake system error message box:

But the first goal of a backdoor is to look outside:


-DSKlite trojan: P1/P2


We build the server file, which we rename "HotGirl" (three examples for adults only here: enter the "wash" command, enjoy, and come back here please, or... we'll phone your mum...).



1. Tony Blair is not afraid of the French accent...
by SSTA
published in:
KASPERSKY 6 TEST