Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Domwis-A

Mar 10, 2004 12:12AM PST

Aliases
BackDoor-AOZ, BKDR_DOMWIS.A

Type
Trojan

Description
Troj/Domwis-A is an IRC backdoor Trojan which allows a malicious user remote access to an infected computer.
When first run the Trojan copies itself to the Windows folder as RUNDLL16.EXE and creates the following registry entry to ensure it is run on system logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows DLL Loader = <WINDOWS>\RUNDLL16.EXE

Troj/Domwis-A will steal system information and log keystrokes.


More: http://www.sophos.com/virusinfo/analyses/trojdomwisa.html

Discussion is locked