Date Discovered: 10/9/2003
Date Added: 4/1/2004
SubType: Remote Access
There are multiple variants of this remote access trojan. For optimal detection, the latest engine/DATs combination should be used, and the scanning of compressed files enabled (default option).
At the time of writing, a downloader trojan (detected as Downloader-IU) has been observed being spammed. The downloader is configured to download and install a variant of this remote access trojan. (Some components installed by this variant are detected with the 4346 DATs. Full detection and cleaning will be available in the 4347 DATs.)
Exact details (Registry key names, filenames, etc.) may vary between variants, but the following general characteristics apply to this family:
serves as an HTTP proxy on the victim machine
serves as a SOCKS proxy on the victim machine
notification of infection is sent to the hacker (via HTTP)
certain passwords are harvested from the victim machine and emailed to the hacker (the trojan contains its own SMTP engine to construct the message). These include MAPI, system and POP3 passwords.
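Because registry keys and filenames differ between variants, the network behaviours listed above are the more stable thing to hunt for. The following is an added example, not part of the original description or any vendor tooling: it triages flow records for workstations that answer proxy handshakes and send SMTP directly. The record fields, subnet prefix, relay address, ports and sample flows are all constructed assumptions.

```python
from collections import defaultdict

MAIL_RELAYS = {"10.0.0.25"}   # assumption: the site's sanctioned SMTP relay
WORKSTATIONS = ("10.0.1.",)   # assumption: workstation subnet prefix

def classify_proxy(payload: bytes):
    """Name the proxy protocol a client's first bytes indicate, else None."""
    # SOCKS5 greeting: VER=5, NMETHODS, then exactly NMETHODS method bytes.
    if len(payload) >= 3 and payload[0] == 5 and len(payload) == 2 + payload[1]:
        return "socks5"
    # SOCKS4/4a request: VER=4, CMD 1 or 2, port, IPv4, NUL-terminated fields.
    if len(payload) >= 9 and payload[0] == 4 and payload[1] in (1, 2) \
            and payload.endswith(b"\x00"):
        return "socks4"
    # HTTP proxy request: CONNECT, or any method with an absolute-URI target.
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        if parts[0] == b"CONNECT" or parts[1].lower().startswith(b"http://"):
            return "http-proxy"
    return None

def triage(flows):
    """Map workstation IP -> behaviours from the family profile seen on it."""
    hits = defaultdict(set)
    for f in flows:
        kind = classify_proxy(f["first_bytes"])
        # Proxy handshake arriving AT a workstation: it is serving as a proxy.
        if kind and f["dst"].startswith(WORKSTATIONS):
            hits[f["dst"]].add(kind)
        # SMTP leaving a workstation without going through the relay.
        if (f["src"].startswith(WORKSTATIONS) and f["dport"] == 25
                and f["dst"] not in MAIL_RELAYS):
            hits[f["src"]].add("direct-smtp")
    return dict(hits)

# Constructed sample flows (documentation address ranges, arbitrary ports).
SAMPLE = [
    {"src": "203.0.113.7", "dst": "10.0.1.44", "dport": 40123,
     "first_bytes": b"\x05\x01\x00"},
    {"src": "203.0.113.9", "dst": "10.0.1.44", "dport": 40124,
     "first_bytes": b"CONNECT mail.example.net:25 HTTP/1.0\r\n\r\n"},
    {"src": "10.0.1.44", "dst": "198.51.100.20", "dport": 25,
     "first_bytes": b"EHLO pc44\r\n"},
    {"src": "10.0.1.50", "dst": "10.0.0.25", "dport": 25,
     "first_bytes": b"EHLO pc50\r\n"},
    {"src": "10.0.1.50", "dst": "10.0.0.80", "dport": 8080,
     "first_bytes": b"GET http://example.com/ HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    for host, seen in triage(SAMPLE).items():
        print(host, sorted(seen))
```

A single behaviour on its own is a weak signal (a mail client may send SMTP directly); a workstation showing proxy service together with direct SMTP matches the combination described for this family and merits a scan with current DATs.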