ScreenGrab version 2

ScreenGrab version 2
(TrojanDropper.Win32.Small.f for Server)
(Backdoor.Win32.ScreenGrab for Client)

by Underboss

Written in Visual Basic

Released in September 2001


Server:
dropped files:
c:\WINDOWS\SYSTEM\CME.DLL    size: 100.352 bytes 
c:\WINDOWS\SYSTEM\ie.exe     size: 20.480 bytes 
c:\WINDOWS\SYSTEM\SERV.EXE   size: 20.480 bytes 

port: 18400, 1061 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft"
data: ie.exe

MegaSecurity