by ?
Invisible Telnet server
Written in Delphi, compressed with ASPack
Released in February 2003
Made in China
Server:
dropped file: C:\WINNT\System32\shadow32.exe
size: 46.592 bytes
port: 1119 TCP
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Shadow32"
added registry keys:
HKEY_USERS\.DEFAULT\Console\C:_WINNT_system32_tlntsess.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TLNTSVR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TLNTSVR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TLNTSVR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TlntSvr\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TLNTSVR
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TLNTSVR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TLNTSVR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum
remark: tested on win2000
MegaSecurity