browser.exe is a "Backdoor.Pahador"
seen here: ...yesterday, my anti virus detected a pahador.f trojan in C:\Windows\Browser.exe I quarantined it immediately...
It records key strokes and sends information back to a remote server
Info here:
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Backdoor.Pahador is a Trojan horse that opens a back door on the compromised computer. It also sends system information to a remote server.
Once executed, Backdoor.Pahador performs the following actions:
- Creates the following files:
  - %CurrentFolder%\tempst.exe
  - C:\Windows\Browser.exe

  Note: %CurrentFolder% is a variable that refers to the folder where the risk was originally executed.
- Adds the value:
"Shell" = "explorer.exe [NUMEROUS SPACES] C:\Recycler\services.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi... NT\CurrentVersion\Winlogon
so that it is executed every time Windows starts.
- Modifies the value:
"DisableTaskMgr" = "1"
in the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Win...
to disable the Task Manager.
- Modifies the value:
"C:\Recycler\services.exe" = "C:\Recycler\services.exe:*:Enabled:serv...
in the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\... \FirewallPolicy\StandardProfile\Authoriz...
to change the firewall settings.
- Attempts to delete entries under the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Wi...
- Connects to the following URL and sends system information to it:
[http://]appmsg.gadu-gadu.pl/appsvc/appms...
- Terminates any process that has the following window title: PX22Xsgt6
- Opens a back door on the compromised computer and allows a remote attacker to perform the following actions:
  - Capture screen shots
  - Log keystrokes
  - Kill processes
  - Uninstall itself
  - View logs
[http://answers.yahoo.com/question/index?qid=20080402145815AAnOfUc][Jeff]
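
A check for two of the registry changes listed above (the padded "Shell" value and the firewall exception), as an added example that is not part of the original answer or the quoted write-up. It works on value data passed in as strings, because the full registry paths are truncated on this page; the function names, the padding threshold and the sample strings are assumptions made for illustration.

```python
import ntpath
import re

EXPECTED_SHELL = "explorer.exe"  # default Winlogon "Shell" data
PAD_RUN = 8  # assumption: this many consecutive spaces counts as padding

def audit_shell_value(data):
    """Return a list of findings for the data of a Winlogon "Shell" value."""
    findings = []
    # A long run of spaces pushes the appended command out of view in editors.
    if re.search(r"\s{%d,}" % PAD_RUN, data):
        findings.append("whitespace padding")
    # Split on whitespace and commas, keeping quoted strings whole.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|[^\s,]+', data)]
    if not tokens:
        return findings + ["empty shell value"]
    if ntpath.basename(tokens[0]).lower() != EXPECTED_SHELL:
        findings.append("unexpected shell: " + tokens[0])
    findings.extend("extra command: " + t for t in tokens[1:])
    return findings

def audit_firewall_entry(data):
    """Parse 'path:scope:status:name'; flag enabled any-scope Recycler entries."""
    parts = data.rsplit(":", 3)  # rsplit keeps the drive-letter colon in path
    if len(parts) != 4:
        return None
    path, scope, status, name = parts
    flagged = (status.lower() == "enabled" and scope == "*"
               and "\\recycler\\" in path.lower())
    return {"path": path, "scope": scope, "status": status,
            "name": name, "flagged": flagged}

# Constructed samples modelled on the write-up; the number of spaces and the
# firewall entry name are placeholders, not values from the page.
SAMPLE_SHELL = "explorer.exe" + " " * 60 + r"C:\Recycler\services.exe"
SAMPLE_FW = r"C:\Recycler\services.exe:*:Enabled:PLACEHOLDER_NAME"

if __name__ == "__main__":
    print(audit_shell_value("explorer.exe"))
    print(audit_shell_value(SAMPLE_SHELL))
    print(audit_firewall_entry(SAMPLE_FW))
```

A clean "Shell" value returns no findings; anything appended after explorer.exe is reported even when the padding is shorter than the threshold.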