Remove Trojan w32 Srizbi.gen

Trojan:Win32/Srizbi.gen

Also Known As:
W32/Rootkit.AAX (Authentium (Command))
BackDoor.Generic8.CJX (AVG)
Win32/Rootkit.Agent.NCW (ESET)
Rootkit.Win32.Agent.ea (Kaspersky)
Generic.dx (McAfee)
W32/Agent.CXNI (Norman)
Troj/RKAgen-Fam (Sophos)
Trojan.Srizbi (Symantec)
RTKT_AGENT.JWI (Trend Micro)

Summary
Trojan:Win32/Srizbi.gen is a generic detection for Trojans that connect to remote sites to retrieve spam messages. It also uses rootkit techniques in order to hide itself from the affected user.

Symptoms
Threats generically detected as Trojan:Win32/Srizbi.gen cover a broad range of variants, so few symptoms can be listed that are specific to a Trojan:Win32/Srizbi.gen installation. Files and registry entries may be hidden by Win32/Srizbi.



Technical Information

Installation
It arrives on the system with a dropper executable that drops and installs the following rootkit driver onto the affected machine:
\windbg48.sys
It installs itself as a service by creating the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windbg48

It also adds the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcAp\MachineNum = “[random]”

It drops the following temporary batch file, which is used to automatically delete itself after the rootkit has been installed:
%Temp%\_uninsep.bat

Payload
Deletes Files
It deletes files located in the following directory:
\Minidump

Uses Advanced Stealth
The driver component is used to hide the Trojan file, its registry modifications and associated network traffic.
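
Because the driver hides the Trojan's file and registry changes on a running system, the installation indicators listed above are more reliably checked against offline data. The following is an added example, not part of the original write-up: it scans decoded .reg export text and a file listing taken from a mounted disk image. The mount name OFFLINE and all sample paths and values are constructed assumptions.

```python
import re

# Indicators from the write-up above; file names are matched by basename.
FILE_NAMES = {"windbg48.sys", "_uninsep.bat"}
SERVICE_KEY = "windbg48"                       # ...\Services\windbg48
VALUE_KEY, VALUE_NAME = "rpcap", "machinenum"  # ...\Services\RpcAp\MachineNum

# An offline SYSTEM hive has no CurrentControlSet (that link exists only on a
# running system), so ControlSet001, ControlSet002, ... are accepted too.
KEY_RE = re.compile(
    r"^\[HKEY_[^\\\]]+\\[^\\\]]+\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\([^\\\]]+)(\\[^\]]*)?\]$", re.IGNORECASE)

def scan_reg_export(text):
    """Scan decoded .reg export text; return (kind, line) findings."""
    findings, service = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            # Track only the service key itself, not its subkeys.
            service = m.group(1).lower() if m and not m.group(2) else None
            if service == SERVICE_KEY:
                findings.append(("service", line[1:-1]))
        elif service == VALUE_KEY and line.lower().startswith(f'"{VALUE_NAME}"='):
            findings.append(("value", line))
    return findings

def scan_file_listing(paths):
    """Return listed paths whose final component is a known dropped file."""
    return [p for p in paths
            if re.split(r"[\\/]", p.strip())[-1].lower() in FILE_NAMES]

# Constructed sample input (hive mounted under a hypothetical name OFFLINE).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OFFLINE\ControlSet001\Services\windbg48]
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\OFFLINE\ControlSet001\Services\windbg48\Enum]
"Count"=dword:00000001

[HKEY_LOCAL_MACHINE\OFFLINE\ControlSet001\Services\RpcAp]
"MachineNum"="CONSTRUCTED"
'''
SAMPLE_FILES = [r"E:\img\dir\windbg48.sys", r"E:\img\Temp\_UNINSEP.BAT",
                r"E:\img\Windows\notepad.exe"]

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG), scan_file_listing(SAMPLE_FILES))
```

Registry exports are normally UTF-16 encoded, so decode the file before passing its text to scan_reg_export.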

Generates Spam
Trojan:Win32/Srizbi.gen connects to remote sites to retrieve data used for sending spam messages.

Additional Information
Attackers may be targeting news events such as elections, or public entertainers. An example of a spam message containing a link to a Web site hosting the Trojan is shown below.
Hillary Clinton visited her campaign headquarters in Virginia and did satellite interviews, looking beyond Tuesday's trio of contests and touting the importance of a March 4 vote in Ohio.


This malicious software can be removed using the Microsoft Malicious Software Removal Tool.


         About DARFUN INC © Copyright darfuns.com
                 DARFUN CORPORATION. 2004 est