Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Troj_agent.asan
Special Forums Cybersecurity Malware Advisories (RSS) Troj_agent.asan Post 302205769 by Linux Bot on Monday 16th of June 2008 08:30:05 AM
Old 06-16-2008
Troj_agent.asan
This Trojan may be dropped by other malware.
It drops copy(ies) of itself.
It creates registry entry(ies) to enable its automatic execution at every system startup.
It employs registry shell spawning so that it executes when files of certain types are run. It does this by creating registry entry(ies).


More...
 

LEARN ABOUT OPENSOLARIS

wsreg_can_access_registry

wsreg_can_access_registry(3WSREG)                   Product Install Registry Library Functions                   wsreg_can_access_registry(3WSREG)

NAME

       wsreg_can_access_registry - determine access to product install registry

SYNOPSIS

       cc  [flag ...]  file ...-lwsreg [library ...]
       #include <fcntl.h>
       #include <wsreg.h>

       int wsreg_can_access_registry(int access_flag);

DESCRIPTION

       The wsreg_can_access_registry() function is used to determine what access, if any, an application has to the product install registry.

       The access_flag argument can be one of the following:

       O_RDONLY        Inquire about read only access to the registry.

       O_RDWR          Inquire about modify (read and write) access to the registry.

RETURN VALUES

       The  wsreg_can_access_registry()  function  returns non-zero if the specified access level is permitted.  A return value of 0 indicates the
       specified access level is not permitted.

EXAMPLES

       Example 1: Initialize the registry and determine if access to the registry is permitted.

       #include <fcntl.h>
       #include <wsreg.h>

       int main(int argc, char **argv)
       {
           int result;
           if (wsreg_initialize(WSREG_INIT_NORMAL, NULL)) {
               printf("conversion recommended, sufficient access denied
");
           }

           if (wsreg_can_access_registry(O_RDONLY)) {
               printf("registry read access granted
");
           } else {
               printf("registry read access denied
");
           }

           if (wsreg_can_access_registry(O_RDWR)) {
               printf("registry read/write access granted
");
           } else {
               printf("registry read/write access denied
");
           }
       }

USAGE

       The wsreg_initialize(3WSREG) function must be called before calls to wsreg_can_access_registry() can be made.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |MT-Level                     |Unsafe                       |
       +-----------------------------+-----------------------------+

SEE ALSO

       wsreg_initialize(3WSREG), attributes(5)

SunOS 5.10                                                          22 Sep 2000                                  wsreg_can_access_registry(3WSREG)
All times are GMT -4. The time now is 12:02 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy