Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Litmus-AS

Nov 24, 2003 11:36PM PST

Aliases
Backdoor.Litmus.203, BackDoor-JZ, Win32/Litmus.203.AsPack, Backdoor.Litmus.203.b

Description
Troj/Litmus-AS is a backdoor Trojan that runs in the background as a system process and allows unauthorised remote access to the computer via an IRC network connection.
The Trojan copies itself to C:\Windows\Server as svchost.EXE and adds an entry to the registry at HKCU\Software\Microsoft\Windows\CurrentVersion\Run\LTM2 to run itself on system restart.

The Trojan may also attempt to steal passwords.

http://www.sophos.com/virusinfo/analyses/trojlitmusas.html

Discussion is locked