Resolve for CoreFloo-C description
A tool that removes the CoreFloo-C Trojan
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.
Troj/CoreFloo-C is a backdoor Trojan which allows a remote intruder to access and control the computer via IRC channels.
The Trojan arrives as an installation executable with a random filename consisting of 7 characters a-z and an extension of EXE.
When the installation executable is run on Windows 95, 98 or ME (or FAT drives) it drops a DLL to the Windows System folder with a filename consisting of 7 random characters a-z and an extension of DLL.
When the installation executable is run on a Windows NT, 2000 or XP system with an NTFS drive it drops the DLL as an ADS file associated with the Windows System folder (typically System32). The new ADS file will also have a random 7-character name with an extension of DLL.
The installation executable then launches the DLL component which adds its pathname to the following registry entry, so that it is run automatically each time Windows is started:
= rundll32 %SYSTEM% .dll,Init 1
= rundll32 %SYSTEM% ,Init 1
The DLL component injects itself into the EXPLORER process making it invisible in the Task Manager process list.
Troj/CoreFloo-C also has anti-delete functionality which attempts to prevent viral processes from being terminated and resets the above registry entries if they are removed.
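As an added example (not Sophos code and not part of the original description), the launch command described above can be matched when reviewing exported autorun entries. The entry names and sample commands are constructed, and the `System32:name.dll` form assumes standard NTFS `path:stream` syntax for the ADS case; a match is only a candidate for review.

```python
import re

# rundll32 loading a DLL named with 7 letters a-z and calling "Init 1", as the
# description states. Separator "\" = ordinary file in the System folder
# (95/98/ME or FAT); ":" = alternate data stream on the folder itself (NTFS).
LAUNCH = re.compile(
    r'^\s*"?rundll32(?:\.exe)?"?\s+"?(?P<folder>.+?)(?P<sep>[\\:])'
    r'(?P<name>[a-z]{7})\.dll"?\s*,\s*Init\s+1\s*$',
    re.IGNORECASE,
)
# Assumed spellings of the System folder's last path component.
SYSTEM_LEAVES = {"system", "system32", "%system%"}


def classify(command):
    """Return 'file', 'ads' or None for one autorun command string."""
    m = LAUNCH.match(command)
    if not m:
        return None
    leaf = m.group("folder").rstrip("\\").rsplit("\\", 1)[-1].lower()
    if leaf not in SYSTEM_LEAVES:
        return None
    return "ads" if m.group("sep") == ":" else "file"


def scan(entries):
    """Take a map of entry name -> command, return (name, kind) candidates."""
    hits = []
    for name, command in entries.items():
        kind = classify(command)
        if kind:
            hits.append((name, kind))
    return hits


# Constructed sample autorun entries (names and values are made up).
SAMPLE = {
    "entry-a": r"rundll32 C:\WINDOWS\system32\qwertyu.dll,Init 1",
    "entry-b": r"rundll32.exe C:\WINDOWS\system32:kzpmvta.dll,Init 1",
    "entry-c": r"rundll32.exe C:\WINDOWS\system32\shell32.dll,Control_RunDLL",
    "entry-d": r"rundll32 C:\Temp\abcdefg.dll,Init 1",
    "entry-e": r'"C:\Program Files\Vendor\updater.exe" /background',
}

if __name__ == "__main__":
    for name, kind in scan(SAMPLE):
        print(f"review {name}: matches CoreFloo-C launch pattern ({kind})")
```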
Troj/CoreFloo-C can be removed from Windows computers automatically with the following Resolve tools:
CORFCGUI is a disinfector for standalone Windows computers. To use it you have to do the following:
- Open the CORFCGUI.com file from your desktop after downloading it.
- Click on the Start Scan button.
- Wait for the process to complete.
Command line disinfector
CORFCSFX.EXE is a self-extracting archive containing CORFCCLI, a Resolve command line disinfector for use on Windows networks.