Multi Bot Pro
(Backdoor.DskLite.b for winlogon.exe)

by ?

Written in Visual Basic

Released in June 2003


error message


	   


Server:
C:\WINDOWS\winlogon.exe 

size: 40.447 bytes 

port: 890 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-BAFA-00BB00B6017B} "StubPath" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Windows Logon Application" 

deleted:
all values in:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices 


file added:
c:\WINDOWS\SYSTEM\Kernel.bat  

registry added:
1246 keys

from
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\_avp32 
to
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\zonealarm 

remark:
Multi bot pro does install "C:\WINDOWS\winlogon.exe" (Backdoor.DskLite.b) after showing an error message.
It does kill firewalls and anti-virus programs. 

MegaSecurity