This backdoor has a server and a client component.
The server works like the client but runs invisibly and has the server functions built in;
it is designed to access the remote computer through a router, LAN or proxy server.
When Backdoor.Lanfiltrator runs, it performs the following actions:
It copies itself under a predefined name into the %windir% or the %system% folder.
The Trojan creates the value
in the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan starts with Windows.
The Trojan hooks keyboard and mouse inputs, and may terminate many antivirus and firewall products.
The commands allow the hacker to perform the following actions:
Manage the installation of the Trojan
Manage files and processes, and modify the registry
Download and execute files
Deliver system information to the hacker
Perform annoying actions
Intercept confidential information by hooking keystrokes
Alter system parameters
Communicate with a server through an opened chat window
Retrieve ICQ, MSN, and AIM instant messenger passwords
Manual removal of the Trojan consists of deleting the infected file and removing the registry entry.
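A triage check for the persistence pattern described above, as an added example that is not part of the original write-up: it parses `reg query` output for the Run key and flags values whose executable sits directly in the Windows or System32 folder and is not on a local allowlist. The sample output, the allowlist and the mapping of %windir% and %system% to C:\Windows and C:\Windows\System32 are assumptions; the page does not give the Trojan's value name or file name.

```python
import ntpath
import re

# Constructed `reg query` output for the Run key; every value name and path is invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    ExampleSvc    REG_SZ    C:\WINDOWS\examplesvc.exe
    ExampleHelper    REG_EXPAND_SZ    %SystemRoot%\System32\examplehelper.exe -s
"""

# Assumptions: default install paths, and a locally maintained baseline of known-good names.
ENV = {"windir": r"C:\Windows", "systemroot": r"C:\Windows"}
WATCHED = {r"c:\windows", r"c:\windows\system32"}  # %windir% and %system%
ALLOW = {"securityhealthsystray.exe"}
LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.+)$")

def expand(data):
    """Expand %VAR% references using ENV; unknown variables are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), data)

def image_path(data):
    """Return the executable path from a Run command line (quoted or bare)."""
    data = expand(data.strip())
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]

def suspicious_run_entries(reg_output):
    """List (value name, path) for autoruns located directly in a watched folder."""
    hits = []
    for line in reg_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = ntpath.normpath(image_path(m.group("data")))
        folder, exe = ntpath.split(path.lower())
        if folder in WATCHED and exe not in ALLOW:
            hits.append((m.group("name"), path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE):
        print(f"review: {name} -> {path}")
```

A hit is only a candidate for review: check the file's signature, timestamps and origin before deleting the file or the registry value.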