Trojan serves mature content off home PCs,



A new Trojan is turning Windows PCs into mature content and spam relays, possibly as a means of harvesting credit card details, researcher Richard M. Smith has discovered.

At first it was suspected that the Trojan installs a Web server on the victim's machine from which the mature content is served, but research by LURHQ indicates that it sets up a proxy which forwards the mature content and x-rated spam and so keeps the originating server hidden.

Machines hosting the Trojan are not harmed in any way, but spam recipients who check out the mature content on offer may become victims of fraud if they sign up for access using their credit cards.

The overall purpose appears to be establishing a semi-anonymous, distributed hosting scheme for malicious sites or for material that might invite retaliation from a Web host or the authorities, such as warez or kiddie mature content.

Only about two thousand home machines have been infected, but among them is a high proportion of AOL subscribers, implying that it may be spread via instant messaging. According to LURHQ it is easy to detect and defeat.

First, remove this registry key:

Software\Microsoft\Windows\CurrentVersion\Run\Login Service = wingate.exe

Then reboot the computer and remove this file:


The spam ads direct users to Russian mature content sites chiefly, sometimes using servers that were involved in a recent Paypal scam, Smith notes. ®


Retired Mod
Jan 1, 2000
Reaction score
My Satellite Setup
Sky HD, TM6800HD, Manhattan Plaza ST550 and TM1500 CI+. 1.0m dish and 36v motor, Panasonic DVD HDD recorder and Panasonic video/DVD recorder. Sony G800 HD TV stand/surround system + Sony KDL40W2000. Infinity USB, Elvis, CAS1, CAS2.
My Location
Greater London
Wingate is a legitimate software program for sharing a proxy server and setting up virtual private networks (VPN).'s being 'dropped' into PCs where there are open ports. Important, then, to keep ports in stealth mode behind a firewall. Running 'Shields Up' will check the ports.