F-Secure Virus Descriptions : Dewin
Dewin is a backdoor that can be used by an attacker to install
unwanted programs from a website to the victim machine. When
started it copies itself to Windows Directory as 'Winreg.exe'.
This copy of the file is added to the registry as
'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SystemReg'
F-Secure Anti-Virus can detect this backdoor with the latest
updates.
Removal instructions
- Locate and remove the registry key
'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SystemReg'
- Reboot the machine
- Instruct F-Secure Anti-Virus to delete the infected file
[F-Secure Corp.; April 15th, 2002]
|