BackDoor-CHT

Risk of infection: low

Type: Trojan

Distribution methods: IRC, peer-to-peer networks, email

Mode of infection
The virus installs itself in the %SYSDIR% directory as hkdoordll.dll (e.g. C:\Windows, C:\Windows\System, C:\Windows\System32).

It adds these keys to the Windows registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netwall "DisplayName" = "netwall"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netwall "ErrorControl" = 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netwall "ImagePath" = "\??\C:\WINDOWS\system32\Drivers\netwall.sys"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netwall "Start" = 03, 00, 00, 00
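
A host check for the file and service values listed above, as an added example that is not part of the original page. It assumes PowerShell 4 or later with rights to read HKLM; the function name is hypothetical, and two choices are assumptions: reading the byte values as little-endian DWORDs (1 and 3) and scanning every control set rather than only ControlSet001.

```powershell
# Indicators taken from this page; everything else in this script is an assumption.
$DllName     = 'hkdoordll.dll'
$ServiceName = 'netwall'
$Expected    = @{
    DisplayName  = 'netwall'
    ErrorControl = 1      # page shows 01, 00, 00, 00 (assumed little-endian DWORD)
    Start        = 3      # page shows 03, 00, 00, 00 (assumed little-endian DWORD)
    ImagePath    = '\??\C:\WINDOWS\system32\Drivers\netwall.sys'
}

# Hypothetical helper: returns one object per indicator found on this host.
function Find-ChtIndicators {
    $findings = @()

    # 1. Dropped DLL in the directories the page gives as examples of %SYSDIR%.
    $dirs = @($env:windir, (Join-Path $env:windir 'System'), (Join-Path $env:windir 'System32'))
    foreach ($dir in $dirs) {
        $path = Join-Path $dir $DllName
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # Record the hash so the file can be compared against a known sample later.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{ Kind = 'File'; Location = $path; Detail = "SHA256=$hash" }
        }
    }

    # 2. Service key under each control set (the page names ControlSet001 only).
    $sets = Get-ChildItem -Path 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^(ControlSet\d{3}|CurrentControlSet)$' }
    foreach ($set in $sets) {
        $key = "HKLM:\SYSTEM\$($set.PSChildName)\Services\$ServiceName"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props   = Get-ItemProperty -LiteralPath $key
        # List which of the page's four values are present with the same data.
        $matched = @(foreach ($name in $Expected.Keys) {
            if ("$($props.$name)" -ieq "$($Expected[$name])") { $name }
        })
        $findings += [pscustomobject]@{
            Kind = 'Service'; Location = $key
            Detail = "values matching the page: $($matched -join ', ')"
        }
    }
    return $findings
}

Find-ChtIndicators | Format-List
```

A service key named netwall with none of the four values matching may belong to unrelated software, so treat the matched-value list as the signal rather than the key name alone.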

What can the virus do?

  • Allows receiving popup messages
  • Allows execution of any DOS commands
  • Runs, stops, opens and closes the CD drive
  • Logs out of the operating system
  • Disables double-click
  • Opens certain websites with the browser
  • Loads, unloads and executes files on the victim's computer

Author: Iulian Cristea