Resolve For Stinx Antivirus and Spyware for Windows

Resolve for Stinx description

A tool that removes the Stinx Trojan
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed.

Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

Troj/Stinx-Q is an IRC backdoor Trojan for the Windows platform.

The Trojan may arrive as an email attachment with the filename “Photo+Article.zip”. Typically the email has characteristics similar to the following:

Subject line:
Photo and Article

Message text:

Hello,

Your photograph has reached editing stage as part of an article we are publishing for our February edition of Traders World Monthly. Can you check over the format and get back to us with your approval or any changes?
If the picture is not to your liking then please send a preferred one. We’ve attached the photo with the article here.

Troj/Stinx-Q connects to an IRC channel and listens for backdoor commands from a remote user. Backdoor functionality includes the ability to run arbitrary commands.

The Trojan may also download further malicious code.

Troj/Stinx-Q attempts to terminate a number of processes, including some belonging to anti-virus applications.

When first run Troj/Stinx-Q copies itself to csrnvrt.exe and creates two randomly named BAT files in the Temp folder. One of these files is used to attempt to bypass the Windows firewall. The other is used to delete the original copy of the Trojan.

The following registry entries are created to run csrnvrt.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
DriverModule
csrnvrt.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DriverModule
csrnvrt.exe

Troj/Stinx-R is a backdoor Trojan for the Windows platform.

The Trojan connects to an IRC server and joins a predetermined channel. The Trojan then accepts commands from remote attackers.

When first run Troj/Stinx-R copies itself to csrnvrt.exe and creates two randomly named BAT files in the Temp folder. One of these files is used to attempt to bypass the Windows firewall. The other is used to delete the original copy of the Trojan.

The following registry entries are created to run csrnvrt.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
DriverModule
csrnvrt.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DriverModule
csrnvrt.exe

The Trojan may also download further malicious code.

Troj/Stinx-R attempts to terminate a number of processes, including some belonging to anti-virus applications.

Troj/Stinx-S is a backdoor Trojan for the Windows platform.

Troj/Stinx-S connects to a number of remote IP addresses on port 8080, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

When first run Troj/Stinx-S copies itself to lsadst.exe and creates the following registry entries to run this file on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WindowsProtocolLog
lsadst.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WindowsProtocolLog
lsadst.exe

Troj/Stinx-S may drop and run files called .bat in order to bypass the Windows firewall using “netsh” or in order to delete itself.

Troj/Stinx-S attempts to terminate a number of processes related to anti-virus and security programs.

Troj/Stinx-S may download and execute files from a remote website.

Troj/Stinx-U is a backdoor Trojan for the Windows platform.

Troj/Stinx-U connects to a number of remote IP addresses on port 8080, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

When first run Troj/Stinx-U copies itself to lsadst.exe and creates the following registry entries to run this file on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WindowsDiskEvt
svcsvh32.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WindowsDiskEvt
svcsvh32.exe

Troj/Stinx-U may drop and run files called .bat in order to bypass the Windows firewall using “netsh” or in order to delete itself.

Troj/Stinx-U attempts to terminate a number of processes related to anti-virus and security programs.

Troj/Stinx-U may download and execute files from a remote website.
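
The startup entries listed above can be checked across many machines by collecting `reg query` output for the Run keys and matching it offline. The following is an added example, not part of the original page or of the Resolve tools; the function name `scan` and the sample data are assumptions, and `lsadst.exe` is mapped to both S and U because the text names that file for both variants.

```python
import re

# Indicators copied from the description above (lower-cased for matching).
VALUE_NAMES = {"drivermodule": "Troj/Stinx-Q/R",
               "windowsprotocollog": "Troj/Stinx-S",
               "windowsdiskevt": "Troj/Stinx-U"}
FILE_NAMES = {"csrnvrt.exe": "Troj/Stinx-Q/R",
              "lsadst.exe": "Troj/Stinx-S/U",
              "svcsvh32.exe": "Troj/Stinx-U"}

RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")  # name, type, data
EXE_RE = re.compile(r'[^\\/"\s]+\.exe', re.IGNORECASE)  # file names in a command line

def scan(reg_query_output):
    """Return (key, value name, data, sorted variants) for each suspicious Run value."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # a new registry key section starts here
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_SUFFIX):
            continue  # not a value line, or not under a Run key
        name, _type, data = m.groups()
        hits = {VALUE_NAMES.get(name.lower())}
        hits |= {FILE_NAMES.get(e.lower()) for e in EXE_RE.findall(data)}
        hits.discard(None)
        if hits:
            findings.append((key, name, data, sorted(hits)))
    return findings


# Constructed sample of `reg query` output (not taken from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    DriverModule    REG_SZ    csrnvrt.exe
    Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    WindowsDiskEvt    REG_SZ    SVCSVH32.EXE
    Helper    REG_SZ    "C:\WINDOWS\system32\lsadst.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Example
    DriverModule    REG_SZ    driver.dll
"""

for finding in scan(SAMPLE):
    print(finding)
```

A match on the file name alone (the `Helper` entry in the sample) still counts, so a renamed value does not hide the entry; a match on the value name alone should be reviewed before it is treated as an infection.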

Troj/Stinx-Q, Troj/Stinx-R, Troj/Stinx-S and Troj/Stinx-U can be removed from Windows computers automatically with the following Resolve tools:

Windows disinfector
STINXGUI is a disinfector for standalone Windows computers. To use it, do the following:
· After downloading it, open the STINXGUI.com file from your desktop.
· Click the Start Scan button.
· Wait for the process to complete.

Command line disinfector
STINXSFX.EXE is a self-extracting archive containing STINXCLI, a Resolve command line disinfector for use by system administrators on Windows networks.
