Kaspersky Threats

Class

Platform

Description

Technical Details

This Trojan horse is a self-extracting package that installs a program to
attack IRC clients. The Trojan then installs to the system the Serv-U FTP
server in a configuration that shares a C: drive on the victim PC for full access.
The Trojan also registers a Serv-U FTP server in the WIN.INI file in the auto-run
section.

Because of a bug, the Trojan works only when Windows is installed in the
C:WINDOWS directory. The Trojan also does not work under WinNT and
Win2000.

To remove the FTP server from the computer, it is necessary to remove the
“load=closew” from the [windows] section in the WIN.INI file and to delete the
files:

AJOUT.INI
CLOSEW.BAT
INSTLL.BAT
RUNDLLS.EXE
SERV-U.INI

Find out the statistics of the threats spreading in your region

Class	Trojan
Platform	IRC
Description	Technical Details This Trojan horse is a self-extracting package that installs a program to attack IRC clients. The Trojan then installs to the system the Serv-U FTP server in a configuration that shares a C: drive on the victim PC for full access. The Trojan also registers a Serv-U FTP server in the WIN.INI file in the auto-run section. Because of a bug, the Trojan works only when Windows is installed in the C:WINDOWS directory. The Trojan also does not work under WinNT and Win2000. To remove the FTP server from the computer, it is necessary to remove the “load=closew” from the [windows] section in the WIN.INI file and to delete the files: AJOUT.INI CLOSEW.BAT INSTLL.BAT RUNDLLS.EXE SERV-U.INI
	Find out the statistics of the threats spreading in your region

Trojan.IRC.Hack

Technical Details