Details
Backdoor.Tripod

This backdoor program obtains a file from the Internet and spawns it on a victim’s machine in hidden mode. Upon being run, the backdoor copies itself to Wthe indows system directory with the IESTUB32.EXE name and registers itself in system registry in the auto-run section:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
It then, depending on the current date, loads the file WELCOME.GIF from http://members.tripod.com Web site, stores it in the Windows temporary directory with the UNINST32.EXE name and spawns it. The UNINST32.EXE program’s behavior is unknown and depends only on a backdoor author’s needs.

Related Posts

This entry was posted on Tuesday, July 11th, 2006 at 4:00 am and is filed under Virus Threats.