W32.Systentry.Trojan


Aliases: TROJ_SYSTENTRY.A
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 28 Jan 2003
Damage: Medium

Characteristics: W32.Systentry.Trojan is a Trojan horse that contacts a remote website, downloads a file from it, and then executes the downloaded file on the computer.

More details about W32.Systentry.Trojan

There are several variants of W32.Systentry.Trojan. When run, these variants usually contact a predetermined website. They send information that the Trojan has collected from the computer to a list of addresses, and they download a list of email addresses from the contacted site. They download, install, and execute a file taken from the contacted site. They also create values in a registry key so that the Trojan runs every time Windows starts. Variants of this Trojan contact the sites at 138.117.129.33, 211.43.197.93, and 66.28.43.193. Connections to these sites are made on port 1080 or port 80.

Upon entering the computer system, W32.Systentry.Trojan installs itself automatically. It then permanently opens a download port, which may bypass any security application the system has. After that, the computer automatically connects to the predefined download sites listed in the Trojan's code. The Trojan can then freely download any file available on the download site. These files can be an installer for a virus, spyware, or another Trojan that may serve as a backdoor giving remote access to the infected computer.
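To check for this behaviour, the three addresses and two ports given above can be matched against outbound connection logs. The following is an added example, not part of the original entry; the log layout, the sample records, and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Indicators taken from the description above.
SYSTENTRY_HOSTS = {
    ipaddress.ip_address("138.117.129.33"),
    ipaddress.ip_address("211.43.197.93"),
    ipaddress.ip_address("66.28.43.193"),
}
SYSTENTRY_PORTS = {80, 1080}

# Constructed sample records; the "timestamp src_ip dst_ip dst_port" layout is
# an assumption, adapt parse_line() to your firewall or proxy export.
SAMPLE_LOG = """\
2003-01-29T08:14:02 10.0.0.15 138.117.129.33 1080
2003-01-29T08:14:09 10.0.0.15 66.28.43.193 80
2003-01-29T08:15:40 10.0.0.22 192.0.2.10 80
2003-01-29T08:16:11 10.0.0.31 211.43.197.93 443
this line is truncated
2003-01-29T08:17:55 10.0.0.40 211.43.197.93 80
"""

def parse_line(line):
    """Return (timestamp, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def find_systentry_traffic(log_text):
    """Group connections to the listed hosts by internal source address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        if dst in SYSTENTRY_HOSTS:
            # Listed host on a listed port is "confirmed"; other ports are "review".
            level = "confirmed" if port in SYSTENTRY_PORTS else "review"
            hits[str(src)].append((ts, str(dst), port, level))
    return dict(hits)

if __name__ == "__main__":
    for host, events in sorted(find_systentry_traffic(SAMPLE_LOG).items()):
        print(host, events)
```

Hosts reported as "confirmed" are the ones to inspect first for the registry autostart value and the downloaded file described above.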