Backdoor:Win32/Leenstic.A copies itself to c:\documents and settings\administrator\application data\764287.exe.
The malware changes the following registry entries so that it runs each time you start your PC:
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Sets value: "InstallShield Update Service" With data: "c:\documents and settings\administrator\application data\764287.exe"
Payload
Allows backdoor access and control
Backdoor:Win32/Leenstic.A gives a hacker access and control of your PC. They can then perform a number of different actions, including:
Downloading and running files
Uploading files
Spreading malware to other PCs
Logging your keystrokes or stealing your sensitive data
Modifying your system settings
Running or stopping applications
Deleting files
This malware description was produced and published using automated analysis of file SHA1 b75cf33e0bf27532f73448462c290fdd59e1334d.
The following could indicate that you have this threat on your PC:
You have these files:
c:\documents and settings\administrator\application data\764287.exe
You see these entries or keys in your registry:
Sets value: "InstallShield Update Service" With data: "c:\documents and settings\administrator\application data\764287.exe" In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run