Remove Backdoor.Revird

Posted on: November 15th, 2009


Discovered: November 14, 2009

Updated: November 14, 2009 2:34:17 AM

Type: Trojan

Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Recommended Action:
To remove Backdoor.Revird, you need to download the ‘No Adware’ remover software. Based on our testing, this was the best-performing remover of Backdoor.Revird. Read our full No Adware Review.


Technical Details:

Once executed, the Trojan creates the following files:

* %System%\nwwwks.dll
* %System%\rdisk.dll
* %System%\skeys.dll
* %System%\SvcHost.DLL.exe
* %System%\SvcHost.DLL.log

It then creates the following folder:
%SystemDrive%\drivers\own\

The Trojan registers the file %System%\nwwwsk.dll as a new service with the following characteristics, so that it runs every time Windows starts:
Service Name: Gateway Service For Netware
Display Name: Gateway Service for Netware
Startup Type: Automatic

It creates the service by adding entries to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCworkstation

The Trojan opens a back door on the compromised computer allowing a remote attacker to perform some of the following actions:

* Download, upload, delete and execute files
* List, stop, and start processes and services

It gathers the following information on the compromised computer:

* Available network resources
* Computer name
* Drives connected and type of drive
* Free space on each drive
* Operating system and version
* Processor type
* System memory
* System uptime
* User name

The Trojan copies all files with the following extensions to the %SystemDrive%\drivers\own\ folder and sends them to a predetermined remote location:

* .doc
* .pdf
* .ppt
* .rar
* .zip
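
The file-system indicators listed above can be checked on a live system drive or on a mounted disk image. The Python sketch below is an added example, not part of the original write-up; the expansion of %System% to the usual Windows system folders and all function names are assumptions, and a hit is a lead for triage rather than proof of infection.

```python
import os

# Indicators copied from the write-up above. %System% is expanded to the
# usual system folders of the affected Windows versions (an assumption).
SYSTEM_DIRS = ["Windows/System32", "WINNT/System32", "Windows/System"]
# The write-up spells the service DLL two ways; both spellings are checked.
DROPPED_FILES = ["nwwwks.dll", "nwwwsk.dll", "rdisk.dll", "skeys.dll",
                 "SvcHost.DLL.exe", "SvcHost.DLL.log"]
STAGING_DIR = "drivers/own"
STAGED_EXTENSIONS = {".doc", ".pdf", ".ppt", ".rar", ".zip"}


def _find_ci(parent, name):
    """Return the entry of `parent` matching `name` case-insensitively, or None."""
    try:
        for entry in os.listdir(parent):
            if entry.lower() == name.lower():
                return os.path.join(parent, entry)
    except OSError:  # missing, unreadable, or not a directory
        pass
    return None


def _resolve(root, relpath):
    """Walk `relpath` below `root`, ignoring case as Windows would."""
    path = root
    for part in relpath.split("/"):
        path = _find_ci(path, part)
        if path is None:
            return None
    return path


def sweep(root):
    """Check the system drive rooted at `root` for the listed indicators."""
    findings = {"dropped_files": [], "staging_dir": None, "staged_files": []}
    for sysdir in SYSTEM_DIRS:
        for name in DROPPED_FILES:
            hit = _resolve(root, sysdir + "/" + name)
            if hit:
                findings["dropped_files"].append(hit)
    staging = _resolve(root, STAGING_DIR)
    if staging and os.path.isdir(staging):
        findings["staging_dir"] = staging
        for dirpath, _, files in os.walk(staging):
            findings["staged_files"] += [
                os.path.join(dirpath, f) for f in files
                if os.path.splitext(f)[1].lower() in STAGED_EXTENSIONS]
    return findings
```

Call `sweep("C:\\")` on a live host or pass the mount point of an image; files found under the staging folder show which documents were collected for exfiltration.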
