NokNok 8.0 (a)
(Backdoor.Win32.Noknok.80.a)

by V.P.

Written in Delphi

Released in September 2000

Made in Lithuania


Server:
dropped file:
c:\WINDOWS\scanreg.exe
size: 287.232 bytes

port: 661 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry"
old data: C:\WINDOWS\scanregw.exe /autorun 
new data: c:\windows\scanreg.exe 

tested on Windows 98
08 November 2004

MegaSecurity