Monday, October 13, 2008

Surila Trojan

Removing Surila
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of in one package.


Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Visible Symptoms:
Files in system folders:
[%COMMON_STARTUP%]\tcp32shlp.exe
[%SYSTEM%]\tcp32sec.sys
[%SYSTEM%]\tcp32sflt.dll
[%SYSTEM%]\tcp32shlp.exe
[%WINDOWS%]\tcp32ss.exe
[%COMMON_STARTUP%]\tcp32shlp.exe
[%SYSTEM%]\tcp32sec.sys
[%SYSTEM%]\tcp32sflt.dll
[%SYSTEM%]\tcp32shlp.exe
[%WINDOWS%]\tcp32ss.exe

How to detect Surila:

Files:
[%COMMON_STARTUP%]\tcp32shlp.exe
[%SYSTEM%]\tcp32sec.sys
[%SYSTEM%]\tcp32sflt.dll
[%SYSTEM%]\tcp32shlp.exe
[%WINDOWS%]\tcp32ss.exe
[%COMMON_STARTUP%]\tcp32shlp.exe
[%SYSTEM%]\tcp32sec.sys
[%SYSTEM%]\tcp32sflt.dll
[%SYSTEM%]\tcp32shlp.exe
[%WINDOWS%]\tcp32ss.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tcp32sec
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcp32sec

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Surila:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
soft.stop Trojan Information
Win32.Qoologic Trojan Symptoms
Excel.Yohimbe Trojan Information
Nauj Adware Removal instruction
ClickTheButton Adware Information

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)