Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Cidra-D

Mar 9, 2004 1:05PM PST

Type
Trojan

Description
Troj/Cidra-D is a backdoor proxy Trojan that allows a remote intruder to relay TCP traffic through the compromised computer.
The Trojan normally runs as the file usb_d.exe. In order to be executed automatically when the user logs on to the computer Troj/Cidra-D adds a registry entry at the following location:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Usbd

The Trojan opens a random listening port and periodically attempts to connect to a remote website to register itself.

The Trojan also has the ability to download and execute a file from a remote
website.

Troj/Cidra-D appears to have been spammed out.

http://www.sophos.com/virusinfo/analyses/trojcidrad.html

Discussion is locked