NetMonitor 3.0 (d)

NetMonitor 3.0 (d) server
(Backdoor.Netspy.30.d)

by Tiger Liu

aka NetSpy

Written in Microsoft Visual C++

Made in China


Server:
dropped files:
c:\WINDOWS\SYSTEM\backdo~1.exe
size: 372.736 bytes 

c:\WINDOWS\SYSTEM\BACKDO~1HKS.DLL
size: 36.864 bytes 
 
port: 7306, 7389 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "backdo~1"
data: backdo~1.exe 


tested on Windows 98
December 06, 2004

MegaSecurity