Deng
(Backdoor.Win32.Dengdoor)

by ?

Written in Microsoft Visual C++

Released in October 2002

Made in China

more versions 


dropped file:
c:\WINNT\system32\vmisd.dll    size: 12 bytes 

port: 1074 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Backdoor.Dengdoor"

added to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"

tested on win2000
MegaSecurity