Name: A-trojan 1.5
Keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (value name "Rundll16")
Version: 1.5
Type: Remote access/administration
Port/s used: 170 tcp
Files: rundll16.exe in the Windows directory; MdiHole.exe, MsDecay.scr, Msvsrv.exe and watching.dll in the Windows system directory
Aliases: none
Behaviour: once executed, the server hides itself (its icon vanishes and no window is shown) and runs in the background, so the victim sees no sign of the infection.
Removal:
1. Go to Start, then Run, and type regedit.
2. When regedit opens, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
3. In the right-hand pane, find the value named Rundll16 and delete that value only. Do not delete the Run key itself; it also holds legitimate startup entries.
4. Reboot, so the server is no longer started and its files are not locked.
5. Go to Start, then Find, search for rundll16.exe (it lives in the Windows directory), right-click the file and choose Delete.
6. Go to the Windows system directory and delete MdiHole.exe, MsDecay.scr, Msvsrv.exe and watching.dll.
7. Reboot. If any file cannot be deleted because it is in use, boot into Safe Mode and repeat steps 5 and 6. Afterwards confirm that nothing is listening on TCP port 170 and that the Run value has not been recreated.
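The following is an added example, not part of the original listing, that turns the indicators above (the Run value, the dropped files, and the listening port) into an audit-and-cleanup script for a current Windows host; it assumes the "Windows system directory" may be either %WINDIR%\System or [Environment]::SystemDirectory, that a live server shows up as a TCP 170 listener, and that Get-NetTCPConnection is available (Windows 8 / Server 2012 and later). Run it from an elevated PowerShell prompt; without -Remove it only reports.

```powershell
# Added example (not from the original listing): audit a host for the
# A-trojan 1.5 indicators described above and optionally remove them.
# Assumptions (not from the listing): the "windows system directory" is
# checked as both %WINDIR%\System and [Environment]::SystemDirectory, and
# a running server listens on TCP 170. Requires an elevated prompt.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Rundll16'
$sysDirs   = @((Join-Path $env:WINDIR 'System'), [Environment]::SystemDirectory)
$names     = 'MdiHole.exe', 'MsDecay.scr', 'Msvsrv.exe', 'watching.dll'

# Full list of paths the listing says the trojan drops.
$files = @(Join-Path $env:WINDIR 'rundll16.exe')
foreach ($d in $sysDirs) { foreach ($n in $names) { $files += Join-Path $d $n } }

$found = $false

# 1. Persistence: "Rundll16" is a *value* under the Run key, not a subkey.
$runValue = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($runValue) {
    $found = $true
    Write-Warning "Run value '$valueName' present: $($runValue.$valueName)"
}

# 2. Dropped files.
$present = @($files | Where-Object { Test-Path -LiteralPath $_ })
foreach ($f in $present) { $found = $true; Write-Warning "File present: $f" }

# 3. Live server: a listener on TCP 170 and the process that owns it.
$listeners = @(Get-NetTCPConnection -LocalPort 170 -State Listen -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $found = $true
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    Write-Warning ("TCP 170 listening, PID {0} ({1})" -f $l.OwningProcess, $proc.ProcessName)
}

if (-not $found) { Write-Host 'No A-trojan 1.5 indicators found.'; return }

if ($Remove) {
    # Stop the running server first: a running process keeps its files locked
    # and can rewrite the Run value before the reboot.
    foreach ($l in $listeners) {
        Stop-Process -Id $l.OwningProcess -Force -ErrorAction SilentlyContinue
    }
    foreach ($f in $present) {
        Get-Process | Where-Object { $_.Path -eq $f } |
            Stop-Process -Force -ErrorAction SilentlyContinue
        if ($PSCmdlet.ShouldProcess($f, 'Remove file')) {
            Remove-Item -LiteralPath $f -Force
        }
    }
    if ($runValue -and $PSCmdlet.ShouldProcess("$runKey\$valueName", 'Remove Run value')) {
        Remove-ItemProperty -Path $runKey -Name $valueName
    }
    Write-Host 'Indicators removed. Reboot and re-run this script to confirm nothing came back.'
}
```

Use -WhatIf together with -Remove to see what would be deleted before committing. watching.dll may be mapped into another process and refuse deletion; in that case boot into Safe Mode and run the script again.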
Special: the server includes commands that can damage important files on the victim's machine, so treat an infected host as having possibly lost data, not just as having been monitored.
Author: NA
Notes: This is a Portuguese-made trojan, and its client is hard to use without an understanding of the language. For that reason I would not rate it as a major threat, although it may be a problem in South America and in European countries. The server is also quite large for a trojan, which makes it less attractive to script kiddies.