NetMonitor 3.0 (c) Server
(Backdoor.Win32.Netspy.30.c)
(Backdoor.Win32.NetSpy.20.k)

by Tiger Liu

aka NetSpy

Written in Microsoft Visual C++

Made in China

more versions 


Server:
dropped files:
c:\WINDOWS\SYSTEM\backdo~1.exe
size: 372.736 bytes 

c:\WINDOWS\SYSTEM\BACKDO~1HKS.DLL
size: 36.864 bytes 
 
port: 7306, 7389 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "backdo~1"
data: backdo~1.exe 

tested on Windows 98
November 30, 2004
MegaSecurity