01/03/2002, 14:16
Marto
Re: I Need Information About a Virus or Trojan

I finally found it... :)

Well, it's not a very common backdoor, so there isn't much documentation about it. Anyway, here is the information I found; I hope it helps.


Backdoor.Systsec
Discovered on: February 13, 2002
Last Updated on: February 15, 2002 at 11:03:16

Backdoor.Systsec is a backdoor Trojan horse. It listens on port 1034 and allows unauthorized access to an infected computer. It sets itself up to run automatically when Windows restarts.


Type: Trojan Horse
Infection Length: 329,702 bytes


Technical description:


If more than one instance of Backdoor.Systsec is run, the new one opens the next higher numbered port.

To enable itself to run at startup, it adds the value:

SystSecure32 SystSecure32.exe

to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

Removal instructions:

Delete all files that are detected as Backdoor.Systsec and remove the value that it added to the registry.

To remove the Trojan:

1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
3. Run a full system scan.
4. Delete all files that are detected as Backdoor.Systsec.

To edit the registry:

1. Click Start, and then click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

4. In the right pane, delete the following value:

SystSecure32 SystSecure32.exe

5. Click Registry, and then click Exit.


Regards, and until next time. :P
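
A triage check built from the indicators quoted in the post (the SystSecure32 Run value, and a listener on port 1034 with further instances on the next higher ports), as an added example that is not part of the original post or the quoted advisory. It parses saved `reg query` and `netstat -an` output; the sample text, the function names and the verdict labels are constructed for illustration.

```python
import re
RUN_VALUE = "SystSecure32"  # Run value name given in the advisory
BASE_PORT = 1034            # first listening port given in the advisory

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe
    SystSecure32    REG_SZ    SystSecure32.exe
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1035           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1037           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1040       203.0.113.7:80         ESTABLISHED
"""

def run_key_hits(reg_text):
    """(name, data) pairs in `reg query` output whose name is RUN_VALUE."""
    hits = []
    for line in reg_text.splitlines():
        m = re.match(r"^\s+(.+?)\s+REG_[A-Z_]+\s+(.*)$", line)
        if m and m.group(1).lower() == RUN_VALUE.lower():
            hits.append((m.group(1), m.group(2).strip()))
    return hits

def listening_ports(netstat_text):
    """TCP ports in LISTENING state from `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def instance_ports(ports):
    """Unbroken run 1034, 1035, ...: each extra instance takes the next port."""
    run, port = [], BASE_PORT
    while port in ports:
        run.append(port)
        port += 1
    return run

def triage(reg_text, netstat_text):
    hits = run_key_hits(reg_text)
    run = instance_ports(listening_ports(netstat_text))
    # The Run value is the stronger indicator; port 1034 alone can belong to other software.
    verdict = "likely" if hits else ("check listener" if run else "no match")
    return {"run_values": hits, "ports": run, "verdict": verdict}
```

Calling `triage(SAMPLE_REG, SAMPLE_NETSTAT)` reports the Run value and the port run 1034-1035; the listener on 1037 is left out because the run is broken at 1036.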