Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Flood-EF

Mar 16, 2004 12:38AM PST

Aliases
IRC/Flood.bl, IRC/Flood.bc, Backdoor.IRC.Upder, IRC_IRCFLOOD.BC, BAT_ALADINZ.L, TROJ_IRCFLOOD.BL, BAT_ALADINZ.K

Type
Trojan

Description
Troj/Flood-EF is an IRC backdoor that attempts to spread using Windows network shares.
The Trojan arrives as a self-extracting RAR archive navupd.exe. If the archive is opened the files upd.exe, restore.exe, pv.exe and init.bat are extracted. The self-extracting script is setup to run init.bat. Init.bat runs upd.exe as a hidden window, using the free utilty to hide running windows (remote.exe). Upd.exe is another self-extracting RAR archive that creates a folder "plugins" in the Windows system folder and extracts the following files:


More: http://www.sophos.com/virusinfo/analyses/trojfloodef.html

Discussion is locked