Have you tried it with any AV?
More about it:
http://vil.nai.com/vil/content/v_103064.htm
These are all the files it "generates":
Code:
%Windows%\services.exe
%Windows%\system\sservice.exe
%Windows%\system32\fservice.exe
%Windows%\system32\reginv.dll (Hides the Trojan process from the process list)
%Windows%\system32\winkey.dll (Logs keystrokes belonging to application windows)
%Windows%\ktd32.atm (Stores recorded keystrokes)
%Windows% = variable for the Windows directory
And the registry keys it generates:
Code:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
Explorer.exe %Windir%\system32\fservice.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y} "StubPath"
%Windir%\system\sservice.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "DirectX For Microsoft® Windows"
%Windir%\system32\fservice.exe
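
A host check for the artifacts listed above, as an added example that is not part of the original post. The paths, key names and the component ID are copied from the post as written; the function and variable names are hypothetical, and %Windows% is assumed to be the directory in `$env:windir`.

```powershell
# Added example: look for the files and registry values listed in the post.
$win = $env:windir

$files = @(
    "$win\services.exe",           # the legitimate services.exe lives in system32, not here
    "$win\system\sservice.exe",
    "$win\system32\fservice.exe",
    "$win\system32\reginv.dll",
    "$win\system32\winkey.dll",
    "$win\ktd32.atm"
)

# Name is a wildcard pattern so the (R) sign in the Run value name cannot break on file encoding.
# The component ID is the string exactly as given in the post.
$regChecks = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell'; Needle = 'fservice.exe' },
    @{ Key = 'HKLM:\Software\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}'
       Name = 'StubPath'; Needle = 'sservice.exe' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
       Name = 'DirectX For Microsoft*'; Needle = 'fservice.exe' }
)

function Find-ListedArtifacts {
    $hits = @()
    foreach ($f in $files) {
        # -Force so hidden and system files are returned as well
        $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
        if ($item) {
            $hits += [pscustomobject]@{ Type = 'File'; Location = $f
                Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)" }
        }
    }
    foreach ($c in $regChecks) {
        # A missing key is the normal case on a clean host, so skip it quietly
        $props = Get-ItemProperty -LiteralPath $c.Key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -like $c.Name -and "$($_.Value)" -like "*$($c.Needle)*" } |
            ForEach-Object {
                $hits += [pscustomobject]@{ Type = 'Registry'
                    Location = "$($c.Key) [$($_.Name)]"; Detail = $_.Value }
            }
    }
    $hits
}

Find-ListedArtifacts | Format-Table -AutoSize -Wrap
```

No output means none of the listed artifacts were found. On a clean system the Winlogon "Shell" value normally holds only Explorer.exe, so any extra program after it deserves a look even if the file name differs.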