- Jul 10, 2014
I keep getting this Trojan appearing in the mir.exe file. It has just started. Is the game safe to play, or has the file been compromised?
Here are the details from the antivirus program:
Discovered: April 2, 2003
Updated: February 13, 2007 11:45:10 AM
Also Known As: Backdoor.GrayBird [KAV], BackDoor-ARR [McAfee]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Backdoor.Graybird runs, it performs the following actions:
Copies itself as one of the following filenames:
%System%\Svch0st.exe
%System%\Winlogon.exe
%System%\Explorer.exe
%System%\ravmond.exe
NOTE: %System% is a variable. The Trojan locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Creates one of the following values, or a similar value, depending on the variant:
"svchost" = "%System%\Svch0st.exe"
"winlogon" = "%System%\Winlogon.exe"
"system" = "%System%\Explorer.exe"
"ravmond" = "%System%\Explorer.exe"
in the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows.
If the operating system is Windows NT/2000/XP, the Trojan also creates the value:
"run" = "%system%\svch0st.EXE"
"run" = "%system%\ravmond.exe"
in the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
If the operating system is Windows 95/98/Me, the Trojan adds the line to the [windows] section of the Win.ini file:
run = C:\WINDOWS\SYSTEM\SVCH0ST.EXE
so that the Trojan runs when you start Windows.
Attempts to access the password cache stored on your computer. The cached passwords include, amongst others, the modem and dialup passwords, URL passwords, and share passwords.
Intercepts keystrokes allowing Backdoor.Graybird to steal confidential information.
Once Backdoor.Graybird is installed, it waits for the commands from the remote client.
These commands allow the Trojan's creator to perform any of the following actions:
Deliver system and network information to the Trojan's creator, including the login names and cached network passwords.
Install an FTP server, allowing the hacker to use the compromised computer as a temporary storage device.
Open or close the CD-ROM drive and perform other annoying actions.
Download and execute files.
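Added example, not part of the original post or the antivirus vendor's write-up: a small checker that looks for the autorun entries listed above in a text dump of the registry and in Win.ini. The dump layout (key line, then indented `name  REG_SZ  data` lines) and both sample inputs are assumptions constructed for illustration.

```python
import re

# File names the write-up lists for the Trojan's copies (lower-cased).
INDICATOR_PATHS = {r"%system%\svch0st.exe", r"%system%\winlogon.exe",
                   r"%system%\explorer.exe", r"%system%\ravmond.exe"}
# Default System folders from the write-up's NOTE, longest first.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\winnt\system32", r"c:\windows\system")
# Autorun keys named in the write-up (lower-cased).
WATCHED_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows nt\currentversion\windows",
}
VALUE_LINE = re.compile(r"^\s+(.+?)\s+REG_\w+\s+(.*)$")  # assumed dump layout

def normalise(path):
    """Lower-case a path and map a default System folder back to %system%."""
    p = path.strip().strip('"').lower()
    for d in SYSTEM_DIRS:
        if p.startswith(d + "\\"):
            return "%system%" + p[len(d):]
    return p

def scan_reg_dump(text):
    """Return (key, value name, data) for watched-key values that hit an indicator."""
    hits, key = [], ""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        elif m and key.lower() in WATCHED_KEYS and normalise(m.group(2)) in INDICATOR_PATHS:
            hits.append((key, m.group(1), m.group(2).strip()))
    return hits

def scan_win_ini(text):
    """Return run= entries in the [windows] section that hit an indicator."""
    sec = re.search(r"(?ims)^\[windows\](.*?)(?=^\[|\Z)", text)
    runs = re.findall(r"(?im)^[ \t]*run[ \t]*=[ \t]*(.*)$", sec.group(1)) if sec else []
    return [v.strip() for v in runs if normalise(v) in INDICATOR_PATHS]

# Constructed sample inputs (not taken from a real machine).
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    svchost    REG_SZ    C:\WINDOWS\System32\Svch0st.exe
    ctfmon     REG_SZ    C:\WINDOWS\System32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run    REG_SZ    %system%\ravmond.exe
"""
SAMPLE_INI = "[windows]\nload=\nrun = C:\\WINDOWS\\SYSTEM\\SVCH0ST.EXE\n[Desktop]\nWallpaper=(None)\n"
```

Matching is on the data path rather than the value name, because the write-up says variants may create "a similar value"; a hit is a lead for manual review, not a verdict.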
