• Home
• >Threat Encyclopaedia
• >Descriptions
• > Win32/Fusing.AJ

Short description

Win32/Fusing.AJ installs a backdoor that can be controlled remotely.

Installation

When executed, the trojan creates the following folder:

The folder may have the System (S) and Hidden (H) attributes set in attempt to hide the folder in Windows Explorer.

The following file is dropped into the %systemdrive%\Documents and Settings\Local User folder:

The pcguard.dll file(s) may have the System (S) and Hidden (H) attributes present in attempt to hide the file in Windows Explorer.

The trojan registers itself as a system service using the following name:

The trojan replaces file(s) referenced by the following Registry entries with its own copy or with another malware file:

It avoids processes which contain any of the following strings in their path:

The following Registry entries are set:

This causes the trojan to be executed on every system start.

A string with variable content is used instead of %variable1-2% . Variables %string% represent strings written in the Chinese language.

The trojan deletes the original file.

Other information

The trojan acquires data and commands from a remote computer or the Internet. The trojan contains a list of URLs. The TCP protocol is used.

It can execute the following operations:

The trojan launches the following processes:

The trojan creates and runs a new thread with its own program code within the following processes:

• Contact |
• Privacy |
• Legal Information |
• Sitemap