Troj/Unreal-A

Discussion in 'malware problems & news' started by FanJ, Aug 5, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: Troj/Unreal-A
    Type: Trojan
    Date: 5 August 2002


    Sophos has received several reports of this Trojan from the
    wild.

    Note: Sophos Anti-Virus has been detecting Troj/Unreal-A since
    July 2002, but has issued this IDE to improve detection.


    Description
    Troj/Unreal-A is an executable that displays the brief message "Installing Unreal Tournament 2003 15daycrack" and extracts a number of files to a subfolder named system under the standard Windows System folder. The Trojan then reboots the computer without warning.

    Among the extracted files are svchost.exe, explorer.exe, iw.dll, several INI (mIRC script) files and a registry file named svchost.reg. The dropper imports svchost.reg, which adds the following entries to the registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\
    mIRC DisplayName = "mIrc"

    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\
    mIRC UninstallString = "SVCHOST.EXE -uninstall"

    Uninstallation of mIRC using the "Add-Remove Programs" control panel applet triggers uninstallation of the Trojan. However, this self-removal routine is buggy and the folder containing SVCHOST.EXE must be manually removed.

    To launch itself at Windows Startup, the Trojan adds the registry entry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run svchost =

    Explorer.exe is passed svchost.exe on the command line to launch that executable. Explorer.exe is not viral; its function is to launch an application and immediately hide the main window.

    If svchost.exe is executed from the command line or from the Windows shell, it appears to be a mIRC-like chat program. When launched using the dropped explorer.exe, it runs invisibly. In both cases, the Trojan listens on port 59 and the identd port for TCP connections. The process is visible and can be killed using the Task Manager under all versions of Windows.



    More information about Troj/Unreal-A can be found at
    http://www.sophos.com/virusinfo/analyses/trojunreala.html
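
The indicators described in the post above, turned into a triage check (an added example, not part of the original post or Sophos's own tooling). It assumes the input is REGEDIT4 export text plus `netstat -an` output, reads the two uninstall entries as values under an `Uninstall\mIRC` subkey, and takes the identd port to be TCP 113; the function names and sample data are constructed here.

```python
import re

BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
TROJAN_PORTS = {59, 113}  # port 59 and identd (113/tcp), per the description

def parse_reg(text):
    """Parse REGEDIT4 export text into {key_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"="(.*)"$', line)):
            # .reg exports double backslashes inside string data
            current[m.group(1).lower()] = m.group(2).replace("\\\\", "\\")
    return keys

def listening_tcp_ports(netstat_text):
    """Local TCP ports in LISTENING state, from `netstat -an` output."""
    ports = set()
    for f in (l.split() for l in netstat_text.splitlines()):
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def find_indicators(reg_text, netstat_text):
    """Return the names of the advisory's indicators present in the inputs."""
    keys, hits = parse_reg(reg_text), []
    uninstall = keys.get(BASE + r"\uninstall\mirc", {}).get("uninstallstring", "").lower()
    if "svchost.exe" in uninstall and "-uninstall" in uninstall:
        hits.append("uninstall-entry")
    if "svchost" in keys.get(BASE + r"\run", {}):  # value name only; its data is not given
        hits.append("run-value")
    hits += [f"listener-tcp-{p}" for p in sorted(TROJAN_PORTS & listening_tcp_ports(netstat_text))]
    return hits

# Constructed sample inputs (not captured from an infected host).
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"DisplayName"="mIrc"
"UninstallString"="SVCHOST.EXE -uninstall"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"svchost"="PLACEHOLDER-data-not-given-on-this-page"
'''
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:59        0.0.0.0:0        LISTENING
  TCP    0.0.0.0:113       0.0.0.0:0        LISTENING
  TCP    0.0.0.0:139       0.0.0.0:0        LISTENING
"""
print(find_indicators(SAMPLE_REG, SAMPLE_NETSTAT))
```

A listener on 113 alone is weak evidence, since a legitimate mIRC install can also run an identd server; the registry hits are the stronger signal.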
     
  2. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Yup, look people, if you are actually going to surf the dark side it's simple. I don't recommend it, but I know you are going to anyways if you have already been.

    So here's a few pro tips from an ex-darksider from the internet.

    A. Never download an Xbox emulator or Xbox DVD player, as well as the PS2 emulator and PS2 movie player. They're fake and they're trojan and virus infested.

    B. Never download a security application. God knows what some hacker did to it. If they say it's free, it isn't; there's a horrible catch.

    C. Stay away from warez sites. Any other ones without the warez logo are most likely safer.

    D. Only games, movies and MP3s, as well as simple applications, are safer to download.

    E. Virus scan and trojan scan and worm scan anything you download.

    Again, I'm not promoting piracy or illegal stuff. I'm just telling you don't, but if you do, be safe and wear two condoms, 'cause the dark side of the internet is like a girl hooker from Compton: you don't know where she's been, and expect to get a nasty surprise.

    It's better to shell out the money than it is to think you're getting away with something only to find your hard drive wiped out =) lol
     