Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

FDos-Medusa (trojan)

Feb 12, 2004 6:49AM PST

Date Discovered: 2/3/2004
Date Added: 2/12/2004
Origin: Unknown
Length: 20,480
Type: Trojan
SubType: Denial Of Svc

Virus Characteristics

This is a trojan that performs denial of service attack to a specific website by sending large number of SYN requests. The packets are sent with spoofed randomly generated source ip addresses.

When run, it copies itself to the local machine as:

%WinDir%\winsys.exe
Where %WinDir% is the Windows directory.

It creates the following registry keys to load itself at Windows startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WINSYS" = "%WinDir%\winsys.exe"

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101019

Discussion is locked