Login or Register to Ask a Question and Join Our Community


Malware Advisories (RSS)

Troj_vb.fww

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Malware Advisories (RSS) Troj_vb.fww
# 1  
Old 12-30-2007
Troj_vb.fww
This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
This Trojan creates a registry entry to enable its automatic execution at every system startup.
Once executed, it searches for files with specific extensions. When it finds a match, it drops a copy of itself using the filename of the found file appended with the extension .EXE.
It also modifies the last section of the dropped file in an attempt to avoid easy detection. Furthermore, it creates a folder with an attribute set to Hidden using the file name without extension of the executed copy appended with the string 1 as the folder name.
This Trojan is written in Visual Basic, a high-level programming language.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT MOJAVE

rmiregistry

rmiregistry(1)						      General Commands Manual						    rmiregistry(1)

NAME

       rmiregistry - Java remote object registry

SYNOPSIS

       rmiregistry [ port ]

DESCRIPTION

       The  rmiregistry command creates and starts a remote object registry on the specified port on the current host.	If port number is omitted,
       the registry is started on port 1099.  The rmiregistry command produces no output and is typically run in the background.  For example:

	      example% rmiregistry &

       A remote object registry is a bootstrap naming service that is used by RMI servers on a host to bind remote objects to names.  Clients  can
       then look up remote objects and make remote method invocations.

       The registry is typically used to locate the first remote object on which an application needs to invoke methods.  That object in turn pro-
       vides application-specific support for finding other objects.

       The methods of the java.rmi.registry.LocateRegistry class are used to get a registry operating on a particular host or host and port.

       The URL-based methods of the java.rmi.Naming class operate on a registry and can be used to look up a remote object, bind a simple (string)
       name to a remote object, rebind a new name to a remote object (overriding the old binding), unbind a remote object, and list the URLs bound
       in the registry.

OPTIONS

       The following option is supported:

       -Joption       Used in conjunction with any java option, this option passes option (no spaces between -J and option) on to the java  inter-
		      preter.

SEE ALSO

       See (or search java.sun.com) for the following:

       java.rmi.Naming @
	    http://java.sun.com/j2se/1.5/docs/api/java/rmi/Naming.html

       java.rmi.registry.LocateRegistry @
	    http://java.sun.com/j2se/1.5/docs/api/java/rmi/registry/LocateRegistry.html

								    23 Apr 2001 						    rmiregistry(1)