McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

== Update 12 June 2009 ==

This Trojan is dropped by other malware and injected into a running processes, usually winlogon.exe. When run, it places a copy of itself into %WINDIR%\system32 (where %WINDIR% is usually C:\Windows). The filename beings with SKYNET followed by random characters. Examples of file names include:

• SKYNETxenklypj.dll
• SKYNETwsp.dll

It also collects system data and appends it to %WINDIR%\system32\SKYNETlog.dat. From time to time, it makes a copy of itself in %WINDIR%\Temp. The filename beings with SKYNET followed by random characters. Examples of file names include:

• SKYNETtivnlnsmjn.tmp
• SKYNETdcvmwmqgam.tmp

Symptoms

• Presence suspicious files in the %WINDIR%\system32 and %WINDIR%\Temp folders

Method of Infection

This Trojan is dropped by other malware.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

== Update 12 June 2009 ==

This Trojan is dropped by other malware and injected into a running processes, usually winlogon.exe. When run, it places a copy of itself into %WINDIR%\system32 (where %WINDIR% is usually C:\Windows). The filename beings with SKYNET followed by random characters. Examples of file names include:

• SKYNETxenklypj.dll
• SKYNETwsp.dll

It also collects system data and appends it to %WINDIR%\system32\SKYNETlog.dat. From time to time, it makes a copy of itself in %WINDIR%\Temp. The filename beings with SKYNET followed by random characters. Examples of file names include:

• SKYNETtivnlnsmjn.tmp
• SKYNETdcvmwmqgam.tmp

Symptoms

Symptoms -

• Presence suspicious files in the %WINDIR%\system32 and %WINDIR%\Temp folders

Method of Infection

Method of Infection -

This Trojan is dropped by other malware.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

Variants -

N/A