Backdoor.DSNX

Discovered: April 08, 2002
Updated: April 10, 2002 4:20:46 PM
Systems Affected: Windows

Backdoor.DSNX is a backdoor. When executed, it creates an executable on the system which an attacker may use to gain remote access to the infected host. It also changes the registry so that the backdoor executable is loaded each time the system is started.

The backdoor executable is normally named NDSWan32.exe and is created in the \WINDOWS\%SYSTEM%\ directory.

A registry value is also created under the Run key so that the backdoor is loaded each time the system is started:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WinDSNX=C:\WINDOWS\SYSTEM\NDSWAN32.EXE
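
The following is an added example, not part of the original advisory: a triage check that scans saved `reg query` output for the Run entry described above, matching on either the value name or the executable name. The function names and the sample text are constructed for illustration, and the input is assumed to be the plain-text output of `reg query` on the Run key.

```python
import re
from ntpath import basename

# Indicators taken from the advisory text above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "WinDSNX"
EXE_NAME = "NDSWan32.exe"

# A value line in `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")

def exe_from_command(data):
    """Return the executable file name from a Run command line."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]      # quoted path, arguments follow
    else:
        m = re.match(r"(?i)(.+?\.exe)\b", data)
        path = m.group(1) if m else data      # unquoted path, drop arguments
    return basename(path)

def find_dsnx(reg_query_output):
    """Return (key, value name, data, reasons) for each matching Run entry."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):  # key header line
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or key.lower() != RUN_KEY.lower():
            continue
        reasons = []
        if m["name"].lower() == VALUE_NAME.lower():
            reasons.append("value name")
        if exe_from_command(m["data"]).lower() == EXE_NAME.lower():
            reasons.append("executable name")
        if reasons:
            hits.append((key, m["name"], m["data"], reasons))
    return hits

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = "\n".join([
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"    SystemTray    REG_SZ    SysTray.Exe",
    r"    WinDSNX    REG_SZ    C:\WINDOWS\SYSTEM\NDSWAN32.EXE",
    r"    Net Helper    REG_SZ    C:\WINDOWS\SYSTEM\ndswan32.exe /s",
])
```

Calling `find_dsnx(SAMPLE)` returns the two constructed entries that match; the second is caught by executable name alone, which covers a renamed Run value.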