Know Your Malware: Clown Removal

Clown is an IRC-controlled backdoor that gives the attacker unauthorized remote access to a compromised computer. The intruder can issue specific commands in an attempt to steal sensitive user information and gain control over the infected system. Clown may steal serial keys and registration details for installed Quake 4 and Steam-based computer games. It can also disable some essential Windows tools, such as the Task Manager and the Registry Editor. The backdoor is able to silently update itself via the Internet. Clown automatically runs on every Windows startup.

Related files: syscom832.exe, serfer.ini

Clown properties:
Allows remote user connection
Connects itself to the internet
Hides from the user
Stays resident in background

Linked by shanmuga Tuesday, 20th December 2005 12:00PM