A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
The malware creates a dummy winlogon.exe process where it runs its malicious threads and drops the following copy:
It also writes a copy of the legitimate winlogon.exe to %windir%\system32\install\Windows.exe.
The malware creates the following registry launch point:
The following registry entries are also created:
The malware is a reverse-connection remote administration tool: it connects out to chucknorris.zapto.org on port 150 and waits there for commands.
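The indicators above (a winlogon.exe image outside %windir%\system32, a binary at the %windir%\system32\install\Windows.exe drop path, and an outbound connection to chucknorris.zapto.org:150) can be turned into a simple host-triage check. The script below is an added example written for this page, not F-Secure tooling; the Process and Connection records, the sample snapshots and the pids in them are constructed so it runs offline, and on a real host the snapshots would be filled from tasklist/netstat or PowerShell's Get-Process and Get-NetTCPConnection. It does not check registry launch points because the page does not list the keys.

```python
"""Host triage for the backdoor indicators in the F-Secure description.
Added example; all sample data below is constructed, not captured."""

import ntpath
from dataclasses import dataclass

C2_HOST = "chucknorris.zapto.org"              # from the description
C2_PORT = 150                                  # from the description
DROP_REL = r"system32\install\windows.exe"     # %windir%\system32\install\Windows.exe


@dataclass(frozen=True)
class Process:            # hypothetical record shape, one row of a process listing
    pid: int
    name: str
    path: str


@dataclass(frozen=True)
class Connection:         # hypothetical record shape, one row of a netstat listing
    pid: int
    remote_host: str
    remote_port: int


def _norm(path: str) -> str:
    """Case-fold and normalise a Windows path so comparisons are reliable."""
    return ntpath.normcase(ntpath.normpath(path))


def check_processes(processes, windir=r"C:\Windows"):
    """Flag winlogon.exe images that do not live in %windir%\\system32 and any
    process whose image is the documented drop path. Returns (pid, reason)."""
    findings = []
    legit_dir = _norm(ntpath.join(windir, "system32"))
    drop_path = _norm(ntpath.join(windir, DROP_REL))
    for p in processes:
        path = _norm(p.path)
        if p.name.lower() == "winlogon.exe" and ntpath.dirname(path) != legit_dir:
            findings.append((p.pid, f"winlogon.exe running from unexpected path {p.path}"))
        if path == drop_path:
            findings.append((p.pid, f"process image at known drop path {p.path}"))
    return findings


def check_connections(connections):
    """Flag sockets to the C2 host and port named in the description."""
    return [(c.pid, f"connection to {c.remote_host}:{c.remote_port}")
            for c in connections
            if c.remote_host.lower() == C2_HOST and c.remote_port == C2_PORT]


def check_files(paths, windir=r"C:\Windows"):
    """Return every path in the listing that equals the drop path."""
    drop_path = _norm(ntpath.join(windir, DROP_REL))
    return [p for p in paths if _norm(p) == drop_path]


def triage(processes, connections, files, windir=r"C:\Windows"):
    """Run all three checks; a file finding carries pid None."""
    findings = check_processes(processes, windir)
    findings += check_connections(connections)
    findings += [(None, f"drop file present: {p}") for p in check_files(files, windir)]
    return findings


# Constructed snapshot: one genuine winlogon, one dummy copy, one image at the drop path.
SAMPLE_PROCESSES = [
    Process(620, "winlogon.exe", r"C:\Windows\System32\winlogon.exe"),
    Process(4120, "winlogon.exe", r"C:\Users\Public\winlogon.exe"),
    Process(4388, "Windows.exe", r"C:\Windows\System32\install\Windows.exe"),
]
SAMPLE_CONNECTIONS = [
    Connection(1200, "updates.example.com", 443),
    Connection(4120, "chucknorris.zapto.org", 150),
]
SAMPLE_FILES = [
    r"C:\Windows\System32\install\Windows.exe",
    r"C:\Windows\System32\winlogon.exe",
]

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE_PROCESSES, SAMPLE_CONNECTIONS, SAMPLE_FILES):
        print(pid, reason)
```

The path check only catches a dummy winlogon.exe started from a copied image; if the malicious threads run inside a process launched from the real %windir%\system32 path, the connection and drop-file indicators are what remain, so the three checks are meant to be read together. The C2 name is a dynamic-DNS hostname, so match DNS and proxy logs on the name rather than on a previously resolved address.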