Backdoor.Win32.VB.ow
(Backdoor.Win32.VB.ow)

by ?

Written in Visual Basic

Made in Brazil

more in this category


dropped files:
c:\WINDOWS\regbck.sys        Size: 331,776 bytes 
c:\WINDOWS\windata.exe       Size: 331,776 bytes 
c:\WINDOWS\system\msjis.exe  Size: 331,776 bytes 

port: 113, 6667 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Network Control"
data: C:\WINDOWS\windata.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Network Registry Control"
data: C:\WINDOWS\system\msjis.exe 

attempts to connect to an IRC Server


tested on Windows XP
april 17, 2005

MegaSecurity