Rewind 1.2

Rewind 1.2
(Backdoor.Rewindor.12)
(Backdoor.Vb.mh for install winsock.exe)
(Backdoor.NetDevil.10.Logger for b.cgi)

by Loki & B33T

Written in Visual Basic

Released in november 2003


Server:
c:\WINDOWS\Msgrt32.exe 

size: 438.424 bytes 

port: 1263, 1266, 6000, 6001 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "msgrt32" 

added:
c:\WINDOWS\DIjpg.dll 
c:\WINDOWS\Winsys32.exe

MegaSecurity