Backdoor.Win32.VB.iu
(Backdoor.Win32.VB.iu)

by ?

Original name unknown

Written in Visual Basic

more in this category


Backdoor.Win32.VB.iu:
dropped file:
c:\WINDOWS\system32\MANINHO .EXE
size: 131,072 bytes 

startup:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "Beoz"
data: C:\WINDOWS\SYSTEM32\MANINHO .EXE 
	
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run "Beoz"
data: C:\WINDOWS\SYSTEM32\MANINHO .EXE 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Dxdexd"
data: C:\WINDOWS\SYSTEM32\MANINHO .EXE 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Edyqlvx"
data: C:\WINDOWS\SYSTEM32\MANINHO .EXE 

HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\Gycxatbdx	
	
tested on Windows XP
September 03, 2005

MegaSecurity