Installation Report: Toxic By Necro

Generated by InCtrl5, version 1.0.0.0
Install program: C:\Documents and Settings\Kobayashi\Desktop\toxic_trojan\toxic_trojan\TOXIC (trojan)\SERVER.exe
1/16/2007 3:47 PM



Registry

Keys ignored: 0

Keys added: 51

HKEY_CLASSES_ROOT\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Control
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ProgID
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Programmable
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ToolboxBitmap32
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\VersionIndependentProgID
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog\CLSID
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog\CurVer
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog.1
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog.1\CLSID
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\

Keys deleted: 4

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l

Values added: 40

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MyApp"
Type: REG_SZ
Data: C:\Documents and Settings\Kobayashi\Desktop\toxic_trojan\toxic_trojan\TOXIC (trojan)\SERVER.exe
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB} "(Default)"
Type: REG_SZ
Data: Common Dialog Font Property Page Object
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\System32\COMDLG32.OCX
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB} "(Default)"
Type: REG_SZ
Data: Common Dialog Print Property Page Object
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\System32\COMDLG32.OCX
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB} "(Default)"
Type: REG_SZ
Data: Common Dialog Help Property Page Object
HKEY_CLASSES_ROOT\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\System32\COMDLG32.OCX
HKEY_CLASSES_ROOT\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB} "(Default)"
Type: REG_SZ
Data: Common Dialog Open Property Page Object
HKEY_CLASSES_ROOT\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\System32\COMDLG32.OCX
HKEY_CLASSES_ROOT\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB} "(Default)"
Type: REG_SZ
Data: Common Dialog Color Property Page Object
HKEY_CLASSES_ROOT\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\System32\COMDLG32.OCX
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB} "(Default)"
Type: REG_SZ
Data: Microsoft Common Dialog Control, version 6.0
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\System32\COMDLG32.OCX
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 "ThreadingModel"
Type: REG_SZ
Data: Apartment
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus "(Default)"
Type: REG_SZ
Data: 0
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1 "(Default)"
Type: REG_SZ
Data: 132499
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ProgID "(Default)"
Type: REG_SZ
Data: MSComDlg.CommonDialog.1
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ToolboxBitmap32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\System32\COMDLG32.OCX, 1
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib "(Default)"
Type: REG_SZ
Data: {F9043C88-F6F2-101A-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version "(Default)"
Type: REG_SZ
Data: 1.2
HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\VersionIndependentProgID "(Default)"
Type: REG_SZ
Data: MSComDlg.CommonDialog
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1} "(Default)"
Type: REG_SZ
Data: ICommonDialog
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid "(Default)"
Type: REG_SZ
Data: {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32 "(Default)"
Type: REG_SZ
Data: {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib "(Default)"
Type: REG_SZ
Data: {F9043C88-F6F2-101A-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib "Version"
Type: REG_SZ
Data: 1.2
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB} "(Default)"
Type: REG_SZ
Data: ICommonDialogEvents
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid "(Default)"
Type: REG_SZ
Data: {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32 "(Default)"
Type: REG_SZ
Data: {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib "(Default)"
Type: REG_SZ
Data: {F9043C88-F6F2-101A-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib "Version"
Type: REG_SZ
Data: 1.2
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog "(Default)"
Type: REG_SZ
Data: Microsoft Common Dialog Control, version 6.0
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog\CLSID "(Default)"
Type: REG_SZ
Data: {F9043C85-F6F2-101A-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog\CurVer "(Default)"
Type: REG_SZ
Data: MSComDlg.CommonDialog.1
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog.1 "(Default)"
Type: REG_SZ
Data: Microsoft Common Dialog Control, version 6.0
HKEY_CLASSES_ROOT\MSComDlg.CommonDialog.1\CLSID "(Default)"
Type: REG_SZ
Data: {F9043C85-F6F2-101A-A3C9-08002B2F49FB}
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2 "(Default)"
Type: REG_SZ
Data: Microsoft Common Dialog Control 6.0 (SP3)
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32 "(Default)"
Type: REG_SZ
Data: C:\WINDOWS\System32\COMDLG32.OCX
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\FLAGS "(Default)"
Type: REG_SZ
Data: 2
HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR "(Default)"
Type: REG_SZ
Data:

Values changed: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed"
Old type: REG_BINARY
New type: REG_BINARY
Old data: 53, 4D, 25, F6, 2A, 74, 48, EF, 40, 97, 73, A9, 0E, BC, 08, 70, D5, A3, 7A, 5E, 08, 93, DD, DB, 61, DE, 48, EA, D8, 6F, EB, 88, 67, CB, 69, 61, 1F, D5, 4B, FF, 18, 1E, 1A, 5D, CE, 43, FE, A4, 93, 6A, 91, DE, 62, F0, FC, 7E, 66, C7, A7, 26, 17, 0F, 32, 48, C3, 61, 48, 84, 3B, B4, 96, 9C, 81, 3F, AF, FC, A3, 91, F8, B5
New data: 08, 83, 87, 56, 86, 1C, 12, 07, 7E, 3E, 68, BF, 5E, 92, E3, 52, CA, C4, 99, 7D, 45, F5, 9D, 36, 72, EF, 51, 23, F1, A6, F4, 8A, 05, D6, 4D, 3E, B1, E3, 8F, DE, BF, 40, 70, 5F, B9, A1, 11, 5E, 30, 11, 01, 0C, 24, BB, 14, 4C, 39, 31, 92, 22, F6, 48, 8B, BA, CF, D7, 04, 7C, 87, 84, E3, 14, 5B, CF, D5, 03, 0D, 92, DC, B9



Disk contents

Drives tracked: 1

Files added: 3

c:\Documents and Settings\Kobayashi\Local Settings\Temp\~DF45EF.tmp
Date: 1/16/2007 3:41 PM
Size: 16,384 bytes
c:\WINDOWS\Prefetch\NET.EXE-01A53C2F.pf
Date: 1/16/2007 3:41 PM
Size: 6,330 bytes
c:\WINDOWS\Prefetch\SERVER.EXE-02C25609.pf
Date: 1/16/2007 3:41 PM
Size: 21,638 bytes

Files changed: 3

c:\Documents and Settings\Kobayashi\NTUSER.DAT.LOG
Old date: 1/16/2007 3:40 PM
New date: 1/16/2007 3:41 PM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\WINDOWS\system32\config\SECURITY.LOG
Old date: 1/16/2007 3:28 PM
New date: 1/16/2007 3:42 PM
Old size: 1,024 bytes
New size: 1,024 bytes
c:\WINDOWS\system32\config\software.LOG
Old date: 1/16/2007 3:39 PM
New date: 1/16/2007 3:41 PM
Old size: 1,024 bytes
New size: 1,024 bytes



INI file

Ini files tracked: 4



Text file

Text files tracked: 2



InCtrl5, Copyright © 2000 by Ziff Davis Media, Inc.
Written by Neil J. Rubenking
First published in PC Magazine, December 5, 2000.