Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

BackDoor-CAY

Feb 19, 2004 8:51AM PST

Date Discovered: 12/18/2003
Date Added: 2/19/2004
Origin: Unknown
Length: Varies
Type: Trojan
SubType: Remote Access

There are multiple variants of this trojan. This description is simply meant to be a guide. This trojan uses a stealth technique to circumvent certain scanning technology. VirusScan's on-access scanner detects known variants of this trojan. The 4327 DAT files contain enhanced detection to allow VirusScan's on-demand scanner to detect known variants when scanning memory.

The trojan attempts to capture typed keystrokes and steal web site passwords.

When run, the trojan creates a hidden directory named f~a within the WINDOWS SYSTEM directory. A registry run key is created to load the trojan at startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run "f~a" = C:\WINNT\System32\f~a\ra32.exe

Read more: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101037

Discussion is locked