Hacktool Dahij

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects traffic generated by Hacktool.Dahij, which may download additional files onto the compromised computer.

Additional Information

Hacktool.Dahij is a hacktool that may download additional files onto the compromised computer.

Once installed, the security risk creates the following files:

* %Program Files%\e-jihad3
* %Program Files%\e-jihad3\e-Jihad.exe (detected as Hacktool.Dahij)
* %Program Files%\e-jihad3\MSWINSCK.OCX (clean library file)
* %Program Files%\e-jihad3\unins000.dat (clean data file)
* %Program Files%\e-jihad3\unins000.exe (clean uninstaller)

The security risk adds uninstall information as well as additions to the Start Menu on the compromised computer.

The security risk communicates with the following sites:

* [http://]al-jinan.net/ntar[REMOVED]
* [http://]al-jinan.net/tlog[REMOVED]
* [http://]a1-jinan.net/tnew[REMOVED]
* [http://]arddra.host.sk/ntar[REMOVED]
* [http://]www.jo-uf.net/ntar[REMOVED]
* [http://]www.jofpmuytrvcf.com/ntar[REMOVED]

Note: At the time of writing, the remote locations were unavailable.

If the security risk connects to the remote locations, it may download additional files.

The security risk requires a login to function.
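
The hosts and path prefixes listed above can be used to search web proxy logs for past connection attempts. The following is an added example, not Symantec's signature logic; the log line layout, the function names and the sample log lines are assumptions constructed for illustration, and because the paths are truncated on this page only the visible prefix is matched.

```python
from urllib.parse import urlsplit

# Host and path-prefix pairs copied from the list above. The remainder of
# each path is not given on the page, so matching stops at the prefix.
INDICATORS = {
    ("al-jinan.net", "/ntar"),
    ("al-jinan.net", "/tlog"),
    ("a1-jinan.net", "/tnew"),
    ("arddra.host.sk", "/ntar"),
    ("www.jo-uf.net", "/ntar"),
    ("www.jofpmuytrvcf.com", "/ntar"),
}

def match_indicator(url):
    """Return the (host, prefix) pair a URL matches, or None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")  # drops port, case, root dot
    path = parts.path.lower()  # case-insensitive on purpose: prefer over-matching
    for ind_host, prefix in INDICATORS:
        if host == ind_host and path.startswith(prefix):  # exact host, not substring
            return (ind_host, prefix)
    return None

def scan_proxy_log(lines):
    """Return (client, url, indicator) for every log line that hits an indicator.
    Assumed layout (hypothetical): <timestamp> <client-ip> <method> <url> <status>"""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        client, url = fields[1], fields[3]
        ind = match_indicator(url)
        if ind:
            hits.append((client, url, ind))
    return hits

# Constructed sample log lines (not real traffic); path tails are placeholders.
SAMPLE_LOG = [
    "2000-01-01T09:00:00Z 192.0.2.10 GET http://al-jinan.net/ntar-PLACEHOLDER 404",
    "2000-01-01T09:00:05Z 192.0.2.11 GET http://al-jinan.net.example.org/ntar 200",
    "2000-01-01T09:00:09Z 192.0.2.12 GET http://WWW.JO-UF.NET:80/ntar-PLACEHOLDER 503",
    "truncated line",
]

if __name__ == "__main__":
    for client, url, ind in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} requested {url} (matches {ind[0]}{ind[1]})")
```

A client that appears in the results should also be checked for the %Program Files%\e-jihad3 folder listed above.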

Affected

  • Windows 2000
  • Windows 95
  • Windows 98
  • Windows Me
  • Windows NT
  • Windows Server 2003
  • Windows Vista
  • Windows XP

Response

Visit the Symantec Response Website for removal instructions.