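Kaspersky Online Virus Scanner detected a virus: Backdoor.Win32.Small.cz
I looked up some information on the virus:
Rising =>
This is a backdoor virus written in VB.
1. It adds an autostart entry.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run: adds "Services"
2. Every 10 minutes it actively connects to "65.75.154.10" to notify the hacker. The virus sends the data over UDP.
3. It listens on local TCP port 11240, waiting for remote-control commands.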
vsantivirus.com =>
Trojan horse that can receive commands via IRC.
When it is executed, it copies itself to the following location:
c:\windows\system32\webprinter.exe
The created file has the hidden attribute (+h).
It creates the following entries in the registry, to run itself automatically at each restart:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Printer Monitor = "c:\windows\system32\webprinter.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Printer Monitor = "c:\windows\system32\webprinter.exe"
The Trojan connects to an IRC server at the following domain, using port TCP/80:
webprinterserver.com
----------------------------------------------------------
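Looks like this virus pulls much the same tricks as other trojans..
Quote:
Posted by shinjuku
A very new backdoor-type virus
Currently known to be detected by KAV, NOD32, F-Secure
Here it is for everyone to test
The virus is in the archive. Do not extract it!!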
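As an added example (not part of the original post or of either vendor write-up), the Python sketch below checks collected `reg query` and `netstat -ano` output against the persistence and listener indicators quoted above. The sample inputs are constructed, including the path shown for the "Services" value, for which the write-up gives no data.

```python
import re

# Indicators from the two vendor write-ups quoted in the post.
RUN_VALUE_NAMES = {"services", "printer monitor"}
DROPPED_PATH = r"c:\windows\system32\webprinter.exe"
LISTEN_PORT = 11240
VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}REG_\w+\s{2,}(.*)$")

# Constructed sample of `reg query` output for the HKLM and HKCU Run keys.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe
    Services    REG_SZ    C:\placeholder\unknown.exe
    Printer Monitor    REG_SZ    c:\windows\system32\webprinter.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Printer Monitor    REG_SZ    "C:\WINDOWS\system32\webprinter.exe"
"""
# Constructed sample of `netstat -ano` output.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:11240          0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED     4100
"""

def scan_run_keys(reg_text):
    """Return (key, value name, reason) for Run values matching the indicators."""
    hits, key = [], None
    for line in reg_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # remember which hive/key we are in
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(2).strip().strip('"').lower()
        if data == DROPPED_PATH:
            hits.append((key, name, "path match"))
        elif name.lower() in RUN_VALUE_NAMES:
            # A generic name such as "Services" alone is only a lead to review.
            hits.append((key, name, "name only, review"))
    return hits

def scan_listeners(netstat_text):
    """Return PIDs of processes listening on the backdoor's TCP port."""
    rows = (l.split() for l in netstat_text.splitlines())
    return [int(f[4]) for f in rows if len(f) == 5 and f[0] == "TCP"
            and f[3] == "LISTENING" and f[1].rsplit(":", 1)[1] == str(LISTEN_PORT)]

if __name__ == "__main__":
    print(scan_run_keys(SAMPLE_REG), scan_listeners(SAMPLE_NETSTAT))
```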