|Backdoor.Zinx is a backdoor Trojan Horse that allows a hacker to use your compter as proxy and steals information.
By default it opens ports 14728 and 24759.
The Trojan is launched using an .html file that contains malicious Visual Basic Script (VBS) code.
When the .html file is opened, it does following:
Drops the q.vbs file and executes it. The file does the following:
Drops x.exe and executes it, which terminates security programs.
Downloads q.exe from a predetermined Web site and executes it.
Drops and executes the following files:
Downloads configuration information from predetermined Web sites, and then runs svchostc.exe and svchosts.exe with these configurations.
Connects to a predetermined SMTP server and sends email message to a certain email address.
The message contains following information:
- Operating system version
- Registered user name
- Organization name
- AIM user accounts
- ICQ accounts
- Trillian accounts
- Ghisler Windows Commander and Total Commander information
- SMTP and POP email accounts and passwords
Use antivirus (also check How To Remove section)Startup Opimizer.
And navigate to the %System% folder and delete the svchosts.exe and svchostc.exe files.
Still have a problem? Ask for help at our discussion forum.