Backdoor.IRC.Aladinz.M is a backdoor Trojan horse that uses malicious scripts in the mIRC client software, allowing unauthorized remote access.
When it is executed, it performs the following actions:
Creates the following files in %System32%\Wbem\Mof\Good\System:
@ - clean text log file
conn.dll - clean IRC dll file
csrss.dll - malicious IRC script detected as IRC Trojan
Attempts to copy itself as the following files:
Adds the value:
"MSInfo" = "msinfo.exe"
to the registry keys:
and "MSInfo" = "msinfo.exe" to
Disables DCOM support by setting the value to:
"EnableDCOM" = "N"
in the registry key:
Allows a remote attacker to control the computer. The functions provided include:
Retrieving information about the computer.
Stopping and restarting the Trojan.
Downloading and running files.
Scanning hosts for vulnerabilities using Remacc.Dwremote.
EnableDCOM value to "Y" in the system registry key:
And use antivirus (also check How To Remove section) Startup Optimizer to remove it from startup.