Backdoor.Cazno is a Trojan horse that allows an attacker to control a compromised system.
Copies itself as %System%\CAZNOVAS.exe.
Listens on a configurable port, waiting for commands from the attacker.
Uses ICQ or IRC to send the attacker information about the compromised system.
The ICQ contact and IRC server are configurable.
Allows the attacker to control the computer and do any of the following:
- Obtain system information
- List/start/stop processes
- Control window functions (show/hide windows)
- Log keystrokes, steal passwords
- Shut down and restart the computer
- Control the Web camera
- Control file system (list, delete, rename, and create files)
Use antivirus (also check the How To Remove section) or Startup Optimizer to remove it from startup.
For manual removal, please delete any value that looks like:
"CAZNOVAS" = "%system%\CAZNOVAS.exe"
in the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
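A check for the artifacts listed above, as an added example that is not part of the original entry: PowerShell that reports the RunServices value, the copy in the system directory, and any port held open by a running instance. The `-Remove` switch and the variable names are this example's own, and it assumes a Windows version that provides `Get-FileHash` and `Get-NetTCPConnection`.

```powershell
# Added example, not from the original entry. Reports the Backdoor.Cazno
# artifacts named on this page. -Remove (a switch defined by this script)
# deletes only the registry value; run elevated.
param([switch]$Remove)

$keyPath   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
$valueName = 'CAZNOVAS'
$exeName   = 'CAZNOVAS.exe'
$exePath   = Join-Path ([Environment]::SystemDirectory) $exeName  # %System%
$findings  = @()

# 1. Autostart value: match on value name or on data that points at the file.
if (Test-Path -LiteralPath $keyPath) {
    $key = Get-Item -LiteralPath $keyPath
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ($name -ieq $valueName -or $data -like "*$exeName*") {
            $findings += [pscustomobject]@{ Type = 'RegistryValue'; Where = "$keyPath\$name"; Detail = $data }
            if ($Remove) { Remove-ItemProperty -LiteralPath $keyPath -Name $name }
        }
    }
}

# 2. Dropped copy in the system directory; hash it for AV/IR lookup.
if (Test-Path -LiteralPath $exePath) {
    $hash = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{ Type = 'File'; Where = $exePath; Detail = "SHA256 $hash" }
}

# 3. Running instance and the port(s) it listens on (the port is configurable,
#    so it is discovered from the process rather than assumed).
foreach ($proc in Get-Process -Name 'CAZNOVAS' -ErrorAction SilentlyContinue) {
    $ports = (Get-NetTCPConnection -State Listen -OwningProcess $proc.Id -ErrorAction SilentlyContinue).LocalPort
    $findings += [pscustomobject]@{ Type = 'Process'; Where = "PID $($proc.Id)"; Detail = "listening on: $($ports -join ', ')" }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'No Backdoor.Cazno artifacts from this entry were found.' }
```

Without `-Remove` the script only reads; the file itself is left in place for the antivirus product to quarantine.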