TCP_Infector.1.x

 

Code: p13

Severity: Warning

 

Description: Infector is a Trojan Horse.

Impact: Possible theft of data via download, upload of files, execution of files, and reboot of the targeted machine.

Corrective: Edit the system registry to remove the extra keys or restore a previously known good copy of the registry.

Affected registry keys are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Registry keys added are:

apxil32 = apxil32.exe

Removal of this entry is required. Delete the file :\WINDOWS\Apxil32.exe. Ending the Trojan process is also necessary. A reboot of the infected machine is recommended.

A change is also made to the win.ini file: the line run=apxil32.exe apxil32.exe is added and should be deleted.
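To confirm the registry and win.ini entries named in the Corrective text are present before cleanup and gone afterwards, the following added example (not part of the original entry) scans a text export of the registry and a copy of win.ini for them. It assumes a REGEDIT4-style export; the function names and sample inputs are constructed for illustration.

```python
import re

# Indicators copied from the Corrective text above.
RUN_KEYS = (
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
)
VALUE_NAME = "apxil32"
BINARY = "apxil32.exe"

# Constructed sample inputs (not captured from a real host).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"apxil32"="apxil32.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"apxil32"="apxil32.exe"

[HKEY_CURRENT_USER\Software\Example]
"apxil32"="unrelated"
'''
SAMPLE_INI = "[windows]\nload=\nrun=apxil32.exe apxil32.exe\nNullPort=None\n"


def scan_reg_export(text):
    """Return (key, value, data) for Trojan entries under the two Run keys."""
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\").lower()  # tolerate a trailing backslash
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)
        if m and key in RUN_KEYS:
            name, data = m.groups()
            if name.lower() == VALUE_NAME or BINARY in data.lower():
                hits.append((key, name, data))
    return hits


def scan_win_ini(text):
    """Return win.ini run= lines that start the Trojan binary."""
    pat = re.compile(r"\s*run\s*=.*" + re.escape(BINARY), re.IGNORECASE)
    return [ln.strip() for ln in text.splitlines() if pat.match(ln)]


if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE_REG) + scan_win_ini(SAMPLE_INI):
        print("FOUND:", hit)
```

An empty result from both functions after cleanup indicates the listed persistence entries were removed; it does not cover the running process or the file on disk.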