by CrAzzyWak
Released in July 2000
Backdoor.Win32.CrazyNet:

dropped files:

c:\winstart.bat
size: 25 bytes
data: C:\WINNT\Registry32.exe

c:\WINNT\Registry32.exe
size: 321.080 bytes

port: 17500, 17499 TCP

added to registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"Reg32"
data: Registry32.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"run"
data: Registry32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"
old data: Explorer.exe
new data: Explorer.exe Registry32.exe

tested on Win2000

MegaSecurity