Discovered on: July 02, 2004
Last Updated on: July 03, 2004 10:18:29 AM
Backdoor.Ranky.H is a Trojan horse that runs as a proxy server. It opens a randomly selected TCP port.
Also Known As: TrojanProxy.Win32.Ranky.am [Kaspersky]
Type: Trojan Horse
Infection Length: 21,920 bytes
When Backdoor.Ranky.H is executed, it does the following:
Creates a mutex named "f4948vdb". This mutex allows only one instance of the trojan to execute.
Opens a randomly selected TCP, so that it can receive commands from an attacker. It runs as a proxy server.
Adds the value:
"ValidData"="<path to trojan>"
to the registry key:
so that the Trojan runs when you start Windows
Pint-size luxury and funky style
Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.