by MAD MAX
Released in June 2006
Made in Turkey
Client is a backdoor dropper:
size: 962,586 bytes
dropped files:
c:\WINDOWS\system32\install.com Size: 328,195 bytes
c:\WINDOWS\system32\wincom.exe Size: 328,195 bytes
c:\WINDOWS\system32\wincom_.exe Size: 628,224 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872415-GGFRT-TKMN-24F9-2154487HHGT8} "StubPath"
data: C:\WINDOWS\System32\install.com
Server:
dropped files:
c:\WINDOWS\system32\wincom.exe Size: 328,195 bytes
c:\WINDOWS\system32\install.com Size: 328,195 bytes
c:\WINDOWS\system32\wincom_.exe Size: 256,592 bytes
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
data: 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872415-GGFRT-TKMN-24F9-2154487HHGT8} "StubPath"
data: C:\WINDOWS\System32\install.com
tested on Windows XP
July 07, 2006
MegaSecurity