About Trojan Stealther.B
Stealther.B is a Trojan Horse that attempts to
hide processes, files and registry keys/values
which include CSRS*.* on Windows NT/2000/XP.
When Stealther.B is executed, it performs the
following actions:
- Copies itself to the %System% folder as Csrsrv.exe.
NOTE: %System% is a variable. The worm
locates the System folder and copies itself to
that location. By default, this is
C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32
(Windows NT/2000), or C:\Windows\System32
(Windows XP).
- Installs Csrsrv.exe as a service with the
following details:
- Name: CSRSPX
- Display name: Microsoft Protocol
Extensions
- Execute path: %System%\csrsrv -k
csrspx
- Description: Provides additional
protocols for Microsoft platforms.
- Adds the key: CSRSPX
under the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
- Executes Csrsrv.exe.
- Searches for CSRS*.* and hides the
processes, files and registry keys/values.
Trojan Stealther.B Removal
Automatic Removal: Using BPS
Adware & Spyware Remover
to detect and remove Trojan.Stealther.B AUTOMATICALLY!
Manual Removal:
Not Available.
Detection and Removal Instructions for Trojans
| 
