Win32/Shell [Threat Name]

Win32/Shell.E [Threat Variant Name]

Category: trojan
Size: 49152 B
Detection created: Feb 02, 2006
Detection database version: 0.11392
Aliases:
  Backdoor.Win32.Shell.c (Kaspersky)
  BackDoor.RemoteShell (Dr.Web)
  Backdoor.Tinydog (Symantec)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

When executed, the trojan copies itself to some of the following locations:

  • %windir%\iexplorer.exe
  • %windir%\system\iexplorer.exe
  • %windir%\system32\iexplorer.exe

The trojan registers itself as a system service using the following name:

  • Remote Procedure Call (RPC) Provider

This causes the trojan to be executed on every system start.

After the installation is complete, the trojan deletes the original executable file.

Other information

The trojan serves as a backdoor. It can be controlled remotely.

It can execute the following operations:

  • set up a proxy server
  • execute shell commands

The malware configuration is passed as command line parameters when the malware executable is launched.
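A host triage check for the installation artifacts listed above, as an added PowerShell example (not part of the original write-up or any vendor tooling). It assumes the service name may appear as either the service's Name or DisplayName, and that a service launching the copy would show any command-line parameters in its PathName.

```powershell
# Added example: look for the Win32/Shell.E install artifacts described on this page.
# Assumption: the registered service name may be stored as Name or as DisplayName.
$serviceLabel = 'Remote Procedure Call (RPC) Provider'
$expectedSize = 49152   # size in bytes given on this page

# Drop locations from the Installation section.
$candidatePaths = @(
    (Join-Path $env:windir 'iexplorer.exe'),
    (Join-Path $env:windir 'system\iexplorer.exe'),
    (Join-Path $env:windir 'system32\iexplorer.exe')
)

$findings = @()

foreach ($path in $candidatePaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type   = 'File'
            Item   = $file.FullName
            Detail = "Size=$($file.Length) B; SizeMatches=$($file.Length -eq $expectedSize); SHA256=$hash"
        }
    }
}

# A service matches if it carries the listed name or its binary path points at iexplorer.exe.
$services = Get-CimInstance -ClassName Win32_Service | Where-Object {
    $_.Name -eq $serviceLabel -or
    $_.DisplayName -eq $serviceLabel -or
    $_.PathName -match '\\iexplorer\.exe'
}

foreach ($svc in $services) {
    # PathName holds the full launch command, including any parameters.
    $findings += [pscustomobject]@{
        Type   = 'Service'
        Item   = $svc.Name
        Detail = "DisplayName=$($svc.DisplayName); StartMode=$($svc.StartMode); PathName=$($svc.PathName)"
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    'No Win32/Shell.E install artifacts found.'
}
```

Run it from a 64-bit PowerShell session on 64-bit Windows so that the system32 path is not redirected to SysWOW64.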
