|
Products
|
Code: p310 Severity: Warning
Description: Doly is a Trojan Horse. Impact: Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the machine. Later versions are capable of launching DDoS attacks. Corrective: This is a particularly difficult Trojan to remove and should only be attempted by an experienced Windows Administrator.
Edit the system registry to remove the extra keys or restore a previously known good copy of the registry.
Affected registry keys are:
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\RunServices
HKEY_LOCAL_MACHINE\Hardware\Data
HKEY_LOCAL_MACHINE\Hardware\Enum
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectXMedia
Registry keys added are:
HKEY_CLASSES_ROOT\.dl
Removal of the replicant is also required, look for files ending in ".exe" or ".dll" in the
|
