This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Trojan.Naid is a Trojan horse that opens a back door on the compromised computer.
When the Trojan is executed, it creates the following files:
The Trojan creates the following registry entries:
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"Start" = "2"
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\Parameters\"ServiceDll" = "%UserProfile%\AppMgmt.dll"
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"Type" = "272"
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\AppMgmt\"FailureActions" = "[BINARY DATA]"
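The registry values above point the AppMgmt service's ServiceDll at a DLL in the user profile and set the service to start automatically ("Start" = "2"). The following added example, which is not part of the original write-up, parses text in the layout printed by `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` and reports every service whose ServiceDll lies outside System32. The sample input, the function names and the trusted-path list are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `reg query <key> /s`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x110

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters
    ServiceDll    REG_EXPAND_SZ    %UserProfile%\AppMgmt.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\schedsvc.dll
"""

# Matches a service key or its Parameters subkey under any control set.
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]*ControlSet[^\\]*\\Services\\([^\\]+)(\\Parameters)?$",
    re.IGNORECASE)
VAL_RE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s*(.*)$")
# Assumption: svchost-hosted service DLLs are expected under System32.
TRUSTED_PREFIXES = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")

def parse_services(text):
    """Return {service: {value_name: data}}, merging each Parameters subkey."""
    services, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = services.setdefault(key.group(1).lower(), {})
        elif current is not None and VAL_RE.match(line):
            name, _type, data = VAL_RE.match(line).groups()
            current[name.lower()] = data.strip()
        elif line.strip():
            current = None  # some other key: stop attributing values
    return services

def suspicious_service_dlls(text):
    """Return (service, dll, auto_start) for each ServiceDll outside System32."""
    hits = []
    for name, vals in sorted(parse_services(text).items()):
        dll = vals.get("servicedll")
        if dll and not dll.lower().startswith(TRUSTED_PREFIXES):
            auto = vals.get("start", "").lower() == "0x2"  # 2 = SERVICE_AUTO_START
            hits.append((name, dll, auto))
    return hits

if __name__ == "__main__":
    for hit in suspicious_service_dlls(SAMPLE):
        print(hit)
```

Third-party services that legitimately install their DLLs elsewhere will also be reported, so treat the output as a review list rather than a verdict.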
The Trojan may create one of the following services so that it runs every time Windows starts:
The Trojan collects the following system information from the compromised computer:
- unique identifier (UID)
The Trojan utilises its own custom communications protocol to connect to the following IP address over port 443:
The Trojan then opens a back door on the compromised computer.
- Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP