Date Discovered: 3/17/2004
Date Added: 3/24/2004
Length: 61,440 bytes
The application known as Download Accelerator Plus (DAP.EXE) is known to trigger this incorrect identification.
The actual trojan was received using the file name, ntdsapi.exe (61,440 bytes). When the trojan is run, it connects to the irc server irc.alphanine.net , joins a specified channel, and awaits further instructions.
The trojan copies itself to the WINDOWS SYSTEM directory and creates a registry run key to load itself at system startup:
Run "ntdsapi" = "c:\windows\system32\ntdsapi.exe"
Indications of Infection
Unexpected IRC traffic (TCP port 6667) to irc.alphanine.net
The trojan drops an additional file in the SYSTEM directory, SVKP.SYS and attempts to register the file as a service:
Help, my PC with Windows 10 won't shut down properly
Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?