Friday, March 13, 2009

Trojan

Infected by a trojan. The trojan created an open UDP port at 123.
Then another TCP at 135 (I think... but this port is used by NetBIOS).

Then it creates a folder Recycler/S-5-3-42-2819952290-8240758988-879315005-3665/jwgkvsq.vmx
Size is 159KB. It also creates an autorun.inf file with the size of 58KB.


Services started using svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs

By using services.msc I identified a few services that use svchost.exe
Service name:
1) Help and Support from the services menu.
2) COM+ Event System
3) Windows Management Instrumentation
4) Themes
5) System Event Notification

This is what I have disabled during startup, so it should be the source of infection.
6) DHCP Client
7) Computer Browser
8) Secondary Logon
9) Server
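
The file artifacts described above can be checked for mechanically. The following is an added example, not code from the post's author: a Python scan of a drive root that flags a recycle-bin subfolder whose name is not a valid SID (real SIDs always begin with "S-1-"), files in such folders that do not follow Windows' own bin naming, and an unusually large autorun.inf. The 4096-byte threshold, the function names and the sample tree are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# A Windows SID always has revision 1, so genuine per-user bin folders start "S-1-".
VALID_SID = re.compile(r"^S-1-\d+(-\d+)+$")
# Names Windows itself writes into a bin folder (XP: Dc1.txt, INFO2; Vista+: $I.../$R...).
BIN_ENTRY = re.compile(r"^(D[a-z]\d+(\..*)?|INFO2|desktop\.ini|\$[IR].+)$", re.I)
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
AUTORUN_MAX_BYTES = 4096  # assumed threshold; a normal autorun.inf is a few text lines


def scan_drive_root(root):
    """Return sorted (reason, relative path) findings for one drive root."""
    root, findings = Path(root), []
    for entry in root.iterdir():
        name = entry.name.lower()
        if name == "autorun.inf" and entry.is_file():
            if entry.stat().st_size > AUTORUN_MAX_BYTES:
                findings.append(("oversized autorun.inf", entry.name))
        elif name in RECYCLE_DIRS and entry.is_dir():
            for sub in (p for p in entry.iterdir() if p.is_dir()):
                rel = sub.relative_to(root).as_posix()
                if not VALID_SID.match(sub.name):
                    findings.append(("folder name is not a valid SID", rel))
                for f in (p for p in sub.iterdir() if p.is_file()):
                    if not BIN_ENTRY.match(f.name):
                        findings.append(("unexpected file in bin folder", f"{rel}/{f.name}"))
    return sorted(findings)


def build_sample_drive(root):
    """Constructed test tree using the folder, file name and sizes from the post."""
    root = Path(root)
    bad = root / "Recycler" / "S-5-3-42-2819952290-8240758988-879315005-3665"
    good = root / "Recycler" / "S-1-5-21-1111111111-2222222222-3333333333-1003"  # constructed SID
    bad.mkdir(parents=True)
    good.mkdir(parents=True)
    (bad / "jwgkvsq.vmx").write_bytes(b"\0" * 159 * 1024)  # placeholder bytes, not malware
    (good / "Dc1.txt").write_text("deleted file")
    (good / "INFO2").write_bytes(b"\0" * 20)
    (root / "autorun.inf").write_bytes(b";" * 58 * 1024)   # 58KB, as reported in the post
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for reason, path in scan_drive_root(build_sample_drive(tmp)):
            print(f"{reason}: {path}")
```

To check a real volume, pass its root (for example a removable drive's letter) to `scan_drive_root`; it only reads directory listings and file sizes.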

1 comment:

Anonymous said...

Hi,

You might want to check up the following forum:

http://en.kioskea.net/forum/affich-43800-avg-windows-update-failure

They recommended the following:

http://www.simplysup.com/tremover/download.html

SFC