Resoil FTP
(Not detected by KAV on February 09, 2008)

by ReSoiL

Written in Delphi

Released in June 2002


Secret commands:
----------------

If you create a directory with the name "removeftp" in c:\, the FTP Backdoor and all its
traces will be erased from the victim and the backdoor will shut down. The directory you
have created will be deleted too.

If you create a directory with the name "closeftp" in c:\, the FTP Backdoor will be closed
but it will be started after a reboot. The directory you have created will be deleted too.

ReSoiL


Server:
c:\WINDOWS\SYSTEM\Irtray.pif 

size: 258.048 bytes

port: 24464 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Irtray" 

MegaSecurity