
Proxy-Mitglieder (trojan) Update

Feb 12, 2004 2:21AM PST

-- Update February 12th 2004 --

A new variant of Proxy-MitGlieder was received, which is intended to propagate via the backdoor installed by W32/Mydoom.a@MM and W32/Mydoom.b@MM. This variant is 10,240 bytes in size, and is UPX packed. It is detected as:

Proxy-MitGlieder variant by McAfee products running the 4317 DATs or greater.
Exploit-Mydoom by McAfee gateway products running the 4323 DATs.
--

This is a detection for a backdoor trojan that also tries to download further malicious files. There are multiple versions of this trojan proxy - the details below are specific to one such variant. Exact details such as filename, Registry key name, file size, etc. will vary.

After execution, it copies itself to the %windir%\system32 folder and creates a registry key in order to get executed on system boot.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"ssgrate.exe" = C:\WINNT\System32\system.exe

It monitors the process list and tries to terminate programs with these names:

More: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100944
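
Added example, not part of the original post or of McAfee's description: since the post notes that file and key names vary between variants, this sketch triages `reg query` output for the HKCU Run key by the persistence pattern rather than by name. The two heuristics, the function names and every sample line except the `ssgrate.exe` entry are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg query` output. Only the ssgrate.exe entry is taken from the
# post; the other two lines are made-up benign entries for contrast.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINNT\system32\ctfmon.exe
    ssgrate.exe    REG_SZ    C:\WINNT\System32\system.exe
    Updater    REG_SZ    "C:\Program Files\Example App\update.exe" /quiet
'''

VALUE_LINE = re.compile(r'^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$')
SYSTEM32 = re.compile(
    r'^(?:[a-z]:\\(?:windows|winnt)|%(?:windir|systemroot)%)\\system32$', re.I)
PROGRAM = re.compile(r'(.+?\.(?:exe|com|scr|pif|bat))(?:\s|$)', re.I)


def executable_of(command):
    """Extract the program path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = PROGRAM.match(command)
    return m.group(1) if m else command.split(' ', 1)[0]


def triage_run_key(reg_query_output):
    """Return [(value_name, target, reasons)] for entries worth a look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or m['type'] not in ('REG_SZ', 'REG_EXPAND_SZ'):
            continue
        target = PureWindowsPath(executable_of(m['data']))
        reasons = []
        # Assumed heuristic 1: a per-user autostart that runs a file in system32.
        if SYSTEM32.match(str(target.parent)):
            reasons.append('target is in system32')
        # Assumed heuristic 2: value named like a program, but a different one.
        name = m['name'].lower()
        if name.endswith('.exe') and name != target.name.lower():
            reasons.append('value name does not match target file name')
        if reasons:
            findings.append((m['name'], str(target), reasons))
    return findings


if __name__ == '__main__':
    for name, target, reasons in triage_run_key(SAMPLE):
        print(f'{name} -> {target}: {"; ".join(reasons)}')
```

The first heuristic alone also flags the benign `ctfmon.exe` sample line, so an entry matching both is the one to examine first.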
