Cold Fear 2.0
(Not detected by KAV on April 27, 2007)

by H4CK1TD0WN

Released in September 2006

Made in Germany


Server:
dropped files:
c:\config\antivir.exe            Size: 1,613,874 bytes
c:\config\CS.exe                 Size: 1,613,874 bytes
c:\config\explorer.exe           Size: 1,613,874 bytes
c:\config\ICQ.exe                Size: 1,613,874 bytes
c:\config\ICQLite.exe            Size: 1,613,874 bytes
c:\config\MSN.exe                Size: 1,613,874 bytes
c:\config\ntoskrnl.exe           Size: 1,613,874 bytes
c:\config\paint.exe              Size: 1,613,874 bytes
c:\config\rundll.exe             Size: 1,613,874 bytes
c:\config\rundll32.exe           Size: 1,613,874 bytes
c:\config\taskmgr.exe            Size: 1,613,874 bytes
c:\config\win32.exe              Size: 1,613,874 bytes
c:\WINDOWS\system32\Bmp2Jpeg.dll Size: 88,064 bytes

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "antivir"
data: C:\config\antivir.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "CS"
data: C:\config\CS.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "explorer"
data: C:\config\explorer.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ICQ"
data: C:\config\ICQ.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ICQLite"
data: C:\config\ICQLite.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MSN"
data: C:\config\MSN.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ntoskrnl"
data: C:\config\ntoskrnl.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "paint"
data: C:\config\paint.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rundll"
data: C:\config\rundll.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rundll32"
data: C:\config\rundll32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "taskmgr"
data: C:\config\taskmgr.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "win32"
data: C:\config\win32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "antivir"
data: C:\config\antivir.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "CS"
data: C:\config\CS.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "explorer"
data: C:\config\explorer.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "ICQ"
data: C:\config\ICQ.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "ICQLite"
data: C:\config\ICQLite.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "MSN"
data: C:\config\MSN.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "ntoskrnl"
data: C:\config\ntoskrnl.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "paint"
data: C:\config\paint.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "rundll"
data: C:\config\rundll.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "rundll32"
data: C:\config\rundll32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "taskmgr"
data: C:\config\taskmgr.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "win32"
data: C:\config\win32.exe 
tested on Windows XP
December 16, 2006

MegaSecurity