Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Win32.Knooth.E

Feb 25, 2004 12:21AM PST

Alias: Downloader-GS (McAfee),
TrojanDownloader.Win32.Small.cy (Kaspersky),
Win32/Megabee.Trojan
Category: Win32
Type: Trojan
Published Date: 2/24/2004
Last Modified: 2/25/2004

CHARACTERISTICS
Win32.Knooth.E is a backdoor trojan that gives its controller unauthorized access to a victim's machine.

Method of Installation
When executed from its current directory it drops child.dll in the %System% directory. If this fails and the affected system uses NT, 2000 or XP, it places the child.dll file in the %AppData%\Microsoft directory.

Note: '%System%' is a variable location. The backdoor determines the location of the current System folder by querying the operating system. The default installation location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95,98 and ME is C:\Windows\System; and for XP is C:\Windows\System32. %AppData% is also a varaible location. The default location for this directory on Windows NT, 2000 or XP is C:\Documents and Settings\<current user name>\Application Data. The location of %AppData% is defined by the stored value of this registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders\AppData


More: http://www3.ca.com/virusinfo/virus.aspx?ID=38398

Discussion is locked