Backdoor.Win32.VB.dy
(Backdoor.Win32.VB.dy)

by ?

MSN toolz trojan V. 1

Written in Visual Basic

Made in The Netherlands

more in this category


added to registry:
HKEY_CURRENT_USER\Software\Microsoft\RTC
HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ISAPNP\TBA03B0\FFFFFFFF\DirectSoundCapture
HKEY_CLASSES_ROOT\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
HKEY_CLASSES_ROOT\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}
HKEY_CLASSES_ROOT\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\Add-Ins
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\Policies
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSoundCapture
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\DirectSoundCapture

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MSMSGS"
data: "C:\Program Files\Messenger\msmsgs.exe" /background 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Rundll"

	
tested on Windows 98
September 22, 2005

MegaSecurity