Backdoor.Win32.VB.ov
(Backdoor.Win32.VB.ov)

by ?

Written in Visual Basic, compressed with UPX.

Made in China



dropped files:
c:\WINDOWS\WIN.EXE             size: 34.304 bytes 
c:\WINDOWS\SYSTEM\N0TEPAD.EXE  size: 34.304 bytes 
c:\WINDOWS\SYSTEM\WIN.EXE      size: 34.304 bytes 
c:\WINDOWS\TEMP\avcmhk4.dll    size: 21.568 bytes 

added / changed to registry:
HKEY_CLASSES_ROOT\chm.file\shell\open\command "(Default)"
old data: "C:\WINDOWS\hh.exe" %1 
new data: win.exe hh.exe %1 

HKEY_CLASSES_ROOT\hlpfile\shell\open\command "(Default)"
old data: C:\WINDOWS\winhlp32.exe %1 
new data: win.exe winhlp32.exe %1 

HKEY_CLASSES_ROOT\inifile\shell\open\command "(Default)"
old data: C:\WINDOWS\NOTEPAD.EXE %1 
new data: N0TEPAD.EXE NOTEPAD.EXE %1 

HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: C:\WINDOWS\NOTEPAD.EXE %1 
new data: N0TEPAD.EXE NOTEPAD.EXE %1 




tested on Windows 98
March 18, 2005

MegaSecurity