Discovered: April 8, 2002
Updated: April 10, 2002 4:20:46 PM
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
Backdoor.DSNX is a backdoor. When executed, it creates an executable on the system which an attacker may use to gain remote access to the infected host. The name of the backdoor executable is normally NDSWan32.exe and it is created in the \WINDOWS\%SYSTEM%\ directory.
A registry key is also created to ensure the backdoor is loaded each time the system is started:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WinDSNX=C:\WINDOWS\SYSTEM\NDSWAN32.EXE
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine