Virus Name : Backdoor.Gpigeon
Virus types : Trojan
System Affected: Windows 95, 98, NT, 2000, XP, Windows Server 2003
Virus analysis :
Backdoor.Huigezi is 294076 bytes in size, written in Delphi, and packed with Aspack. It drops a copy of itself to the system directory as winreg.exe and notepod.exe. It then adds the following registry entries so that the Trojan file is launched automatically each time Windows starts:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadWindowsFile" = "winreg.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LoadWindowsFile" = "winreg.exe"

Backdoor.Huigezi is a program that enables a remote malicious user to get nearly complete control over an infected PC. The remote malicious user is able to use the program to conduct file operations, format the disk, log keystrokes, etc. This program is frequently used as a tool by hackers.
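The autostart entries described above can be checked for in a text export of the registry. The following is an added example, not part of the original write-up: it assumes the Run and RunServices keys have been exported in .reg syntax, and the function names and the sample export are constructed for illustration.

```python
import re
from ntpath import basename

# Indicators taken from the analysis above.
BAD_VALUE_NAME = "loadwindowsfile"
BAD_FILES = {"winreg.exe", "notepod.exe"}
AUTOSTART_SUFFIXES = (r"\currentversion\run", r"\currentversion\runservices")

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
STR = r'"((?:[^"\\]|\\.)*)"'
VALUE_RE = re.compile("^" + STR + r"\s*=\s*" + STR + "$")

# Constructed sample in .reg export syntax (not taken from a real host).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadWindowsFile"="winreg.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\system32\\notepod.exe /s"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Example]
"LoadWindowsFile"="winreg.exe"
'''

def unescape(text):
    # .reg string data escapes backslashes and quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def find_autostart_hits(reg_text):
    """Return (key, value name, data, reasons) for matching autostart values."""
    hits, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        # Only values under the Run / RunServices keys are of interest.
        if not m or not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        reasons = []
        if name.lower() == BAD_VALUE_NAME:
            reasons.append("value name")
        # Compare the base name of every command-line token, so full paths match too.
        if any(basename(t).lower() in BAD_FILES for t in re.findall(r'[^\s"]+', data)):
            reasons.append("file name")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits

if __name__ == "__main__":
    print(*find_autostart_hits(SAMPLE), sep="\n")
```

A match on the file name alone is a lead to verify against the 294076-byte size given above, not proof of infection.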
Recommendation: