Troj/Slanret-A
Aliases
Backdoor.Ierk, Backdoor-ALI.sys
Type
Trojan
Detection
A virus identity (IDE) file that provides protection is available now from the Latest virus identities section, and is incorporated into the March 2003 (3.67) release of Sophos Anti-Virus.
At the time of writing Sophos has received no reports from users affected by this Trojan. However, we have issued this advisory following enquiries to our support department from customers.
Description
Troj/Slanret-A is a Trojan that another application may use as a driver component, under the filename ierk8243.sys, to gain unauthorized shared stealth access to the target computer.
Upon execution, the malicious application would install Troj/Slanret-A as a device with the device name Mp437bba8e and may set the following registry entry:
HKLM\System\CurrentControlSet\Services\Ierk8243
Functioning as a device, Troj/Slanret-A provides an interface that allows an application to run hidden with full system privileges.
Recovery
Please read the instructions for removing Trojans.
You will also need to edit the following registry entry, if it is present.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\System\CurrentControlSet\Services\Ierk8243
and remove it if it exists.
Close the registry editor.
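The same check and cleanup can be scripted. The PowerShell below is an added example, not part of the original Sophos advisory: it looks for the service key named above, reports the driver path if an ImagePath value is set, exports the key as a backup and deletes it only when asked. The -Remove switch, the default backup path and the presence of an ImagePath value are assumptions of this example, and it backs up only the one key rather than the whole registry as the manual steps do.

```powershell
#Requires -RunAsAdministrator
# Added example: checks for the Troj/Slanret-A service key named in this advisory.
param(
    [switch]$Remove,                                        # hypothetical switch: delete the key after backup
    [string]$BackupPath = "$env:TEMP\Ierk8243-backup.reg"   # assumed backup location
)

$regPath   = 'HKLM:\System\CurrentControlSet\Services\Ierk8243'   # PowerShell provider form
$regNative = 'HKLM\System\CurrentControlSet\Services\Ierk8243'    # form used by reg.exe

if (-not (Test-Path -LiteralPath $regPath)) {
    Write-Output "Not found: $regNative"
    return
}
Write-Output "Found: $regNative"

# ImagePath is the standard service value that points at a driver binary.
# Whether this Trojan sets it is an assumption; the advisory names only the key.
$props = Get-ItemProperty -LiteralPath $regPath -ErrorAction SilentlyContinue
if ($props -and $props.ImagePath) {
    Write-Output "ImagePath: $($props.ImagePath)"
    if ($props.ImagePath -match 'ierk8243\.sys') {
        Write-Output "ImagePath references the driver filename from the advisory."
    }
} else {
    Write-Output "No ImagePath value present under the key."
}

# Back up the key before any change; stop if the export fails.
& reg.exe export $regNative $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Backup to $BackupPath failed; the key was left untouched."
}
Write-Output "Backup written to $BackupPath"

if ($Remove) {
    Remove-Item -LiteralPath $regPath -Recurse -Force
    Write-Output "Removed $regNative"
} else {
    Write-Output "Key left in place. Re-run with -Remove to delete it."
}
```

Run it from an elevated PowerShell session; without -Remove it only reports and backs up.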