| Port No | 17569 |
| Service Name | The Infector |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | The Infector 1.7 bonus like previous versions has a large server because it is released uncompressed. This allows the server to be compressed by a "hacker" and not be detected by trojan scanners. The Infector 1.7 bonus. creates a file setup.int. Setup.int is a plaintext (you can view in notepad) file which logs all of the keys you have typed. Note that this verison was released to prevent detection by trojan scanners. This is the second time the author has recompiled this trojan |
| Reference Link | The Infector |
| Attack | It Autloads: System.ini: shell=Explorer.exe MSNAPPLICATION.exeunder [boot] Features: Application manager Chat with server Enable/disable Ctrl-Alt-Del File manager Get screen shot Hide/show icons ICQ notify Key logger Open URL Open/close CD-Rom Play movie file Play sound Remove server Run file Send keys Show/hide desktop icons Shutdown, reboot, log off, or power off Windows Upload file View/close running applications Fix: Change the shell=Explorer.exe MSNAPPLICATION.exe to shell=Explorer.exe in the system.ini under [boot]. Which can be done with any other text editing program Reboot the computer or close MSNAPPLICATION.exe. Delete the trojan files d3x.drv, MSNAPPLICATION.exe and setup.int in the windows directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.