Backdoor.Win32.VB.zu
(Backdoor.Win32.VB.zu)

by ?

Written in Visual Basic, compressed with UPX

more in this category


Backdoor.Win32.VB.zu:
dropped files:
c:\WINDOWS\svchosts.exe          Size: 62,833 bytes 
c:\WINDOWS\system32\ckl009.dat   Size: 859 bytes 
c:\WINDOWS\system32\wsock.dll    Size: 161,280 bytes   (Backdoor.Win32.Ciadoor.13)
c:\WINDOWS\system32\wsock.ini    Size: 62,833 bytes 

port: 6333 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Generic Host Process"
data: C:\WINDOWS\svchosts.exe 




tested on Windows XP
August 31, 2005

MegaSecurity