Installation
When executed, the trojan drops the following file in the %temp% folder:
sy.exe (7940 B)
The following files are dropped in the %system% folder:
rpcrt2.dll (5061 B)
rpcInit.exe (1900 B)
The library rpcrt2.dll is loaded and injected into the following process:
iexplore.exe
In order to be executed on every system start, the trojan sets the following Registry entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"rpcinit" = "%system%\rpcInit.exe"
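A local check for the installation artifacts listed above, written as an added example (it is not part of the original description or of any vendor tool). It assumes %system% is the Windows system directory and %temp% is the current user's temp folder; the function names are hypothetical.

```powershell
# Added example: local check for the indicators listed in this description.
# Assumptions: %system% is the Windows system directory and %temp% is the
# current user's temp folder; function names are hypothetical.
$sys = [Environment]::SystemDirectory
$files = @(
    @{ Path = Join-Path $env:TEMP 'sy.exe'; Size = 7940 },
    @{ Path = Join-Path $sys 'rpcrt2.dll';  Size = 5061 },
    @{ Path = Join-Path $sys 'rpcInit.exe'; Size = 1900 }
)
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'

function Test-DroppedFiles {
    foreach ($f in $files) {
        $item = Get-Item -LiteralPath $f.Path -Force -ErrorAction SilentlyContinue
        if ($item) {
            # A size mismatch can mean a different build or an unrelated file.
            $note = if ($item.Length -eq $f.Size) { 'size matches' } else { "size $($item.Length) B differs" }
            [pscustomobject]@{ Indicator = $f.Path; Detail = $note }
        }
    }
}

function Test-RunEntry {
    $props = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains 'rpcinit')) {
        [pscustomobject]@{ Indicator = "$runKey\rpcinit"; Detail = $props.rpcinit }
    }
}

function Test-InjectedModule {
    foreach ($p in Get-Process -Name iexplore -ErrorAction SilentlyContinue) {
        try {
            $p.Modules | Where-Object { $_.ModuleName -ieq 'rpcrt2.dll' } | ForEach-Object {
                [pscustomobject]@{ Indicator = "iexplore.exe (PID $($p.Id))"; Detail = $_.FileName }
            }
        } catch {
            # Module enumeration can fail without sufficient rights; skip that process.
        }
    }
}

$hits = @(Test-DroppedFiles) + @(Test-RunEntry) + @(Test-InjectedModule)
if ($hits.Count -gt 0) { $hits | Format-List } else { 'No indicators from this description found.' }
```

On 64-bit Windows, file and registry writes made by a 32-bit process are redirected to SysWOW64 and WOW6432Node, which this check does not cover.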
Other information
The file %system%\rpcrt2.dll is a backdoor.
It can be controlled remotely.
It may perform the following actions:
terminate running processes
run executable files
send the list of running processes to a remote computer
set file attributes
delete folders
create folders
move files
download files from a remote computer and/or Internet
send files to a remote computer
send the list of disk devices and their type to a remote computer
