Danton 3.0 server
(Backdoor.Win32.Danton.30)

by L_Killer

Written in Delphi

Made in Poland

more versions 


Server:
dropped file:
c:\WINDOWS\system32\D_instal
size: 25 bytes
 
port: 9697, 6969 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Danton3"
data: C:\WINDOWS\System32\Backdoor.Danton.30.EXE /lama 

tested on Windows XP
November 21, 2004
MegaSecurity