Skowisky Fire Trojan 1.0 v3

Skowisky Fire Trojan 1.0 v3
(Backdoor.Win32.VB.dpo for Server)

by sk0r alias Czybik

Written in Visual Basic

Released in February 2007

Made in Germany




Server:
dropped files:
c:\WINDOWS\system32\winmain.exe
Size: 122,880 bytes  

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
Old data: Explorer.exe 
New data: explorer.exe C:\WINDOWS\system32\winmain.exe 


Tested on Windows XP
November 06, 2008

MegaSecurity