sharK 0.60
(not-a-virus:PSWTool.Win32.PassView.b)
(not-a-virus:PSWTool.Win32.Messen.106)
(not-a-virus:PSWTool.Win32.Dialupass.f)
(not-a-virus:PSWTool.Win32.MailPassView.130)
(Backdoor.Win32.Nucleroot.a)
(Backdoor.Win32.VB.awr)
(Backdoor.Win32.VB.aym)
(Backdoor.Win32.VB.bax)
(Trojan-PSW.Win32.Steam.f)

by sNiper109

Released in October 2006

more versions

 


Server:
dropped files:
c:\WINDOWS\mswinsck.ocx    Size: 108,336 bytes 
c:\WINDOWS\nkit.dll        Size: 44,544 bytes 
c:\WINDOWS\scvhost.exe     Size: 510,167 bytes 
c:\WINDOWS\shdef.exe       Size: 27,648 bytes 


startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "shitbit"
data: SOFTWARE\Microsoft\Windows\CurrentVersion\Run 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(Default)"
data: C:\WINDOWS\scvhost.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntiVir"
data: C:\WINDOWS\scvhost.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "icq lite"
data: C:\WINDOWS\scvhost.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msconfig"
data: C:\WINDOWS\scvhost.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "shdef"
data: C:\WINDOWS\shdef.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Update Checker"
data: C:\WINDOWS\scvhost.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update"
data: C:\WINDOWS\scvhost.exe 


tested on Windows XP
November 01, 2006
MegaSecurity