© 2008 System-Protector.com All Rights Reserved.
Bit Defender | Kaspersky | ESET NOD32 | AVG Antivirus | F-Secure Antivirus | Trend Micro | McAfee VirusScan | Norton antivirus | CA Antivirus | Norman Antivirus | G DATA Antivirus | Panda Antivirus | AVAST Antivirus | F-Prot antivirus | PC Tools Antivirus | Webroot Antivirus | ViRobot
Latest in trend:
» viruses
BackDoor-DTA
What is Back Door - DTA virus?
What is BackDoor-DTA?
Discovered on 20th November 2008, BackDoor-DTA is a trojan that provides remote access capabilities to an attacker by opening a backdoor on the compromised machine. This is usually propagated via emails.
Characteristics
- » Existence of the Registry key described below
- » Outgoing HTTP traffic to the mentioned site(s).
How does it affect your PC?
When run, BackDoor-DTA installs itself in the following path:
%Windir%\System32\startup\svchost.exe
(Where %Windir% is the Windows installation folder, e.g. C:\Windows or C:\WINNT)
The following registry keys are added which starts the trojan at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup = "C:\WINDOWS\system32\startup"
And the following default registry keys are removed:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup: "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"
The backdoor connects via HTTP to the following site(s) to notify the attacker, and waits for commands.
- » ggg.win{blocked}ibm.com
- » winet.lenovo{blocked}.com
- » winhelp.win{blocked}lenovo.com
- » 220.194.{blocked}
The backdoor has the following functions:
- » gather system information
- » create/terminate/list processes
- » list files/directories
- » download/upload files
How to remove BackDoor-DTA virus?
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.