Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/WindFind-B

Mar 5, 2004 1:08AM PST

Aliases
TrojanClicker.Win32.Doorplus.b

Type
Trojan

Description
Troj/WindFind-B is a downloader Trojan which may download and run executables from a remote location.
The Trojan copies itself to the folder C:\0000000 as mswindindex.exe and creates the following registry entries so that mswindindex.exe is run automatically each time Windows is started:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MMXRUN
= 0000000\mswinindex.exe

Troj/WindFind-B may also create a number of HTML files in the same folder.

The Trojan runs continuously in the background, waiting until the user performs an internet search using one of the common search engines, such as Yahoo, Lycos, MSN Search, Google, Altavista, or Excite.


MORE: http://www.sophos.com/virusinfo/analyses/trojwindfindb.html

Discussion is locked