Backdoor.Win32.Tripod

Home Threats Backdoor Backdoor.Win32.Tripod

Class	Backdoor
Platform	Win32
Description	Technical Details This backdoor program obtains a file from the Internet and spawns it on a victim’s machine in hidden mode. Upon being run, the backdoor copies itself to Wthe indows system directory with the IESTUB32.EXE name and registers itself in system registry in the auto-run section: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun It then, depending on the current date, loads the file WELCOME.GIF from http://members.tripod.com Web site, stores it in the Windows temporary directory with the UNINST32.EXE name and spawns it. The UNINST32.EXE program’s behavior is unknown and depends only on a backdoor author’s needs.
	Find out the statistics of the threats spreading in your region

Technical Details