high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Included in our products from | November 2004 (3.87) |
| Protection available since | 16 August 2004 11:33:28 (GMT) |
| Last updated | 29 September 2004 12:56:12 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please read the instructions for removing Troj/Bdoor-CHR.
More Information
Troj/Bdoor-CHR is a backdoor Trojan. Troj/Bdoor-CHR is a backdoor Trojan that can listen on IRC channels for commands from an attacker.
Troj/Bdoor-CHR creates a copy of itself in the Windows system folder with the filename dx32hhlp.exe and also drops a component in the same folder with the filename dx32hhec.sys. This component is used to hide the backdoor Trojan from anti-virus scanners but can be stopped by entering the command "NET STOP DX32HHEC" to stop the service dx32hhec.
Troj/Bdoor-CHR may append the HOSTS file with the following information to prevent internet access to popular anti-virus and security related web sites:
127.0.0.1 www.trendmicro.com
127.0.0.1 trendmicro.com
127.0.0.1 rads.mcafee.com
127.0.0.1 customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 updates.symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 www.nai.com
127.0.0.1 nai.com
127.0.0.1 secure.nai.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 www.my-etrust.com
127.0.0.1 my-etrust.com
127.0.0.1 mast.mcafee.com
127.0.0.1 ca.com
127.0.0.1 www.ca.com
127.0.0.1 networkassociates.com
127.0.0.1 www.networkassociates.com
127.0.0.1 avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 kaspersky.com
127.0.0.1 www.f-secure.com
127.0.0.1 f-secure.com
127.0.0.1 viruslist.com
127.0.0.1 www.viruslist.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 mcafee.com
127.0.0.1 www.mcafee.com
127.0.0.1 sophos.com
127.0.0.1 www.sophos.com
127.0.0.1 symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 www.symantec.com
|
