- Discovered: December 9, 2002
- Updated: February 13, 2007 11:52:30 AM
- Type: Virus
- Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Lamin is a virus that infects Portable Executable (PE)* files. The virus also contains a keystroke logger and an IRC backdoor Trojan.
NOTE: Definitions that have dates earlier than December 9, 2002, may detect this threat as BloodHound.W32.1.
* What are Portable Executable (PE) files?
PE files are files that are portable across all Microsoft 32-bit operating systems. The same PE-format executable can be executed on any version of Windows 95, 98, Me, NT, 2000, and XP. All PE files are executable, but not all executable files are portable.
A common example of a Portable Executable file is a screen saver (.scr) file.
Backdoor
If the IRC Backdoor Trojan component was installed on the computer, it is possible that your system has been accessed remotely by an unauthorized user. For this reason it is impossible to guarantee the integrity of a system that has had such an infection. The remote user could have made changes to the system, including but not limited to the following:
- Stealing or changing passwords or password files
- Installing remote-connectivity host software, also known as backdoors
- Installing keystroke logging software
- Configuring firewall rules
- Stealing credit card numbers, banking information, personal data, and so on
- Deleting or modifying files
- Sending inappropriate or even incriminating material from a customer's email account
- Modifying access rights on user accounts or files
- Deleting information from log files to hide such activities
To be certain that your organization is secure, you must reinstall the operating system, restore files from a backup that was created before the infection took place, and change all passwords that may have been on the infected computer or that were accessible from it. This is the only way to ensure that your system is safe. For more information about security in your organization, contact your system administrator.
Antivirus Protection Dates
- Initial Rapid Release version December 10, 2002
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version December 10, 2002
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date December 11, 2002
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Low
Distribution
- Distribution Level: Low
Writeup By: Neal Hindocha



