Flux 1.0 CN
(Backdoor.Win32.Fluxdor.e for Client)
(TrojanSpy.Win32.Flux.a for Server)

by Gargamel

Written in Visual C++

Released in October 2004

more versions 





Server:
dropped file:
c:\WINNT\server.exe
size: 12,966 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winhost"
data: C:\WINNT\server.exe 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce "*winhost"
data: C:\WINNT\server.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5B03EA60-3BE3-6DD0-4CE8-2A1B0E5E1A0D} "StubPath"
data: C:\WINNT\server.exe 2 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winhost"
data: C:\WINNT\server.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "*winhost"
data: C:\WINNT\server.exe 



tested on Windows 2000
June 11, 2005
MegaSecurity