TROJ_ASPROX.AK
Windows 2000, XP, Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
BLOCKED: inglo-kotor.ru
This Trojan connects to a website to send and receive information.
It contains errors in its code. This stops it from performing its routines.
TECHNICAL DETAILS
64,000 bytes
EXE
No
07 Oct 2010
Connects to URLs/Ips
Backdoor Routine
This Trojan connects to the following websites to send and receive information:
- inglo-kotor.ru
Other Details
This Trojan contains errors in its code. This stops it from performing its routines.
It does the following:
- It opens ports and acts as a proxy server to allow a remote malicious user to use the affected system in concealing the said user's identity when performing malicious activities.
- Proxy servers act as an intermediary between a user and a server. Connections using a proxy server allow remote users to hide their original location since connections can only be traced to a system where this Trojan is installed.
- It is capable of gathering email addresses on the affected system which it may then use in its malicious activities.
- This Trojan attempts to connect to the following URLs to record time elapsed when accessing said URLs:
- ns.uk2.net
- www.yahoo.com
- www.web.de
SOLUTION
8.900
07.522.05
07 Oct 2010
10/7/2010 12:00:00 AM
7.523.00
07 Oct 2010
Step 1
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 2
Scan your computer with your Trend Micro product to delete files detected as TROJ_ASPROX.AK. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.