Detect Date | 02/03/2010 |
Class | Trojan |
Platform | Win32 |
Description |
After launching, the trojan uses the system utility “sc.exe” to carry out the following command sequence: sc.exe config wuauserv start= auto sc.exe config BITS start= demand sc.exe stop wuauserv sc.exe config BITS start= disabled sc.exe config wuauserv start= disabled This stops and cancels the automatic launch of the “wuauserv” service (Windows Automatic Update service), and also cancels the automatic launch of the “BITS” service (Background Intelligent Transfer Service). The trojan then opens the following resource in the Internet Explorer browser: http://windo***pdate.microsoft.com The trojan then shuts down. |
Find out the statistics of the threats spreading in your region |