Trojan.Peed.OO
MEDIUM
LOW
~131kb
Symptoms
Presence of the file %sysdir%\windev-####-####.sys (where # is a random digit), with a size of approx. 150kb.
Presence of the file %sysdir%\windev-peers.ini with a size of 13kb.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Petrea Ruslan, virus researcher
Technical Description:
When executed, Trojan.Peed.OO creates and executes a rootkit component, detected as Trojan.Peed.HUJ.
The rootkit injects the backdoor component into the services.exe process, hides itself and the trojan's internet activity, and disables the Windows Firewall service.
The backdoor component, detected as Trojan.Peed.HUJ, connects to remote computers, which are listed in encrypted form in the file %sysdir%\windev-peers.ini. The backdoor is used for spamming, harvesting email addresses, and downloading and executing other malicious programs.
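The file indicators from the Symptoms section can be checked with a short script. This is an added example, not BitDefender tooling: the function names and the 25% size tolerance are assumptions. Because the rootkit hides itself, a listing taken on the live infected system may not show the files, so point the script at the system directory of an offline-mounted volume.

```python
import os
import re
import sys

# Indicators taken from the Symptoms section of this description.
DRIVER_RE = re.compile(r"^windev-\d{4}-\d{4}\.sys$", re.IGNORECASE)
PEERS_NAME = "windev-peers.ini"
EXPECTED_KB = {"driver": 150, "peers": 13}  # sizes stated on the page
TOLERANCE = 0.25  # assumption: +/-25%, since the page only says "approx."


def classify(name):
    """Return 'driver', 'peers' or None for a file name."""
    if DRIVER_RE.match(name):
        return "driver"
    if name.lower() == PEERS_NAME:
        return "peers"
    return None


def scan_sysdir(sysdir):
    """List indicator files directly inside sysdir (non-recursive).

    Each finding holds the file name, the indicator kind, the size in KB
    and whether that size is within TOLERANCE of the documented size.
    """
    findings = []
    with os.scandir(sysdir) as entries:
        for entry in entries:
            kind = classify(entry.name)
            if kind is None or not entry.is_file(follow_symlinks=False):
                continue
            size_kb = entry.stat(follow_symlinks=False).st_size / 1024
            expected = EXPECTED_KB[kind]
            findings.append({
                "name": entry.name,
                "kind": kind,
                "size_kb": round(size_kb, 1),
                "size_matches": abs(size_kb - expected) <= expected * TOLERANCE,
            })
    return sorted(findings, key=lambda f: f["name"].lower())


if __name__ == "__main__" and len(sys.argv) == 2:
    # Argument: path to the mounted volume's system directory.
    for finding in scan_sysdir(sys.argv[1]):
        print(finding)
```

A name match with `size_matches` set to `False` is still worth examining, since the documented sizes are approximate.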