hmmm...
This remote access server allows an attacker to perform various tasks on the infected system.
Open/close CD-ROM door
start an IRC bot
run an FTP server (allows file uploads, downloads, renames, deletion, etc.)
Retrieve system information (Computer name, CPU, Username, Windows version, Drive space, etc)
Run, terminate, list processes
Edit registry
Send messages
Swap mouse buttons
Set wallpaper
View typed keystrokes
klingt schon sehr danach.
hast du lt. page alles bereinigt?
[This remote access server allows an attacker to perform various tasks on the infected system. When the trojan is run, it copies itself to the WINDOWS SYSTEM (%SysDir%) folder as SysMap.exe and creates a registry run key to load itself at system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\
Run "Microsoft® System Mapper"=C:\WINDOWS\SYSTEM\SysMap.exe
It also drops a KeyLogger dll into the system folder: SysMap.dll ]
____________________________________
Bye Bastet
|