Rado
Rado Description
Rado is a backdoor trojan that allows an attacker unauthorized remote access to a compromised computer. Once executed, the threat displays a fake error message containing the text “Incompatible Windows version”. Then it registers itself in the system and notifies the intruder by sending him an ICQ message. Rado can terminate running antivirus programs and firewalls. The backdoor runs on every Windows startup.
Type: Backdoors
Automatic Detection of Rado
Rado typically runs the following process in memory:
- winupdate.exe
Rado creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\winupdate.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Kernel
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
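
The registry entries listed above can be checked offline against a `.reg` export taken from a suspect machine. The following is an added example, not part of the original entry: the function names, the sample export and its placeholder file path are constructed, and because the page does not say whether `winupdate.exe` is a value name or a subkey, both forms are checked.

```python
import re

# Indicators from the entry above. The page does not say whether "winupdate.exe"
# is a value name or a subkey, so both forms are checked (assumption).
AUTORUN_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
]
MARKER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Kernel"
NAME = "winupdate.exe"

# Constructed sample export; the file path is a placeholder, not from the page.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinUpdate.exe"="C:\\PLACEHOLDER\\winupdate.exe"
"ExampleApp"="C:\\Program Files\\Example\\app.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Kernel]
'''

def parse_reg_export(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def find_rado_indicators(text):
    """Return the page's registry indicators present in the export, case-insensitively."""
    keys = {k.lower(): {n.lower() for n in v} for k, v in parse_reg_export(text).items()}
    hits = []
    for key in AUTORUN_KEYS:
        if NAME in keys.get(key.lower(), set()):
            hits.append(f"{key}\\{NAME} (value)")
        if f"{key}\\{NAME}".lower() in keys:
            hits.append(f"{key}\\{NAME} (subkey)")
    if MARKER_KEY.lower() in keys:
        hits.append(MARKER_KEY)
    return hits

if __name__ == "__main__":
    print("\n".join(find_rado_indicators(SAMPLE)) or "no indicators found")
```

Exports written by regedit are UTF-16 encoded, so decode the file before passing its text to `find_rado_indicators`.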

This entry was posted on 11/2/08 and is filed under Backdoors.