Trojan.IRC.Hack

Home Threats Trojan Trojan.IRC.Hack

Class	Trojan
Platform	IRC
Description	Technical Details This Trojan horse is a self-extracting package that installs a program to attack IRC clients. The Trojan then installs to the system the Serv-U FTP server in a configuration that shares a C: drive on the victim PC for full access. The Trojan also registers a Serv-U FTP server in the WIN.INI file in the auto-run section. Because of a bug, the Trojan works only when Windows is installed in the C:WINDOWS directory. The Trojan also does not work under WinNT and Win2000. To remove the FTP server from the computer, it is necessary to remove the “load=closew” from the [windows] section in the WIN.INI file and to delete the files: AJOUT.INI CLOSEW.BAT INSTLL.BAT RUNDLLS.EXE SERV-U.INI

Technical Details