Clown details

  • Description

    Clown is an IRC-controlled backdoor that provides the attacker with unauthorized remote access to a compromised computer. The intruder can issue specific commands in an attempt to steal sensitive user information and gain control over the infected system. Clown may steal serial keys and registration details related to installed Quake 4 and Steam-based computer games. It can also disable some essential Windows tools, such as the Task Manager and the Registry Editor. The backdoor is able to silently update itself via the Internet. Clown automatically runs on every Windows startup.

  • Exe

    syscom832.exe

  • Registry

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=userinit.exe,syscom832.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
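
A PowerShell check for the indicators listed above, added here as an example and not part of the original entry. It reads the three registry values and looks for the file name; the entry does not say where the file is dropped, so the two directories searched are an assumption.

```powershell
# Added example: looks for the Clown indicators listed in this entry.
# The HKCU checks cover only the account the script runs under.
$findings = @()

# 1. Winlogon Userinit: every comma-separated entry is started at logon.
#    Only the file name is compared, so the listed value matches with or without a path.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit -ErrorAction SilentlyContinue).Userinit
foreach ($entry in ($userinit -split ',')) {
    $entry = $entry.Trim()
    if (-not $entry) { continue }   # the stock value ends with a trailing comma
    $leaf = Split-Path -Path $entry -Leaf
    if ($leaf -ieq 'syscom832.exe') {
        $findings += "Userinit launches $entry (file name listed for Clown)"
    } elseif ($leaf -ine 'userinit.exe') {
        $findings += "Userinit launches an unexpected program: $entry"
    }
}

# 2. Policy values that disable Task Manager and the Registry Editor.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    $value = (Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue).$name
    if ($value -eq 1) { $findings += "$name=1 under $policy" }
}

# 3. The executable itself. Assumption: searched in the Windows directories only,
#    because the entry gives a file name but no path.
$dirs = $env:SystemRoot, (Join-Path $env:SystemRoot 'System32')
foreach ($dir in $dirs) {
    $path = Join-Path $dir 'syscom832.exe'
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

if ($findings) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'None of the listed Clown indicators were found.'
}
```

The two policy values can also be set by an administrator through Group Policy, so a hit on those alone is weaker evidence than the `Userinit` entry or the file.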