VatosAjan Pro (c)

VatosAjan Pro (c)
(Constructor.Win32.Vatos.cb)
(Backdoor.Win32.Vatos.a for Server)

by ?

Compressed with UPX

Made in Turkey


Server:
dropped files:
c:\sysrestore.vbs    Size: 179 bytes 
c:\WINDOWS\system32\sysocxw.com                                                    Size: 45,570 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\avlist.vts   Size: 485 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\ieakhtm.dll  Size: 57,344 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\log.vts      Size: 2,867 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\mailpas.exe  Size: 42,496 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\messnger.exe Size: 41,984 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\netpas.exe   Size: 37,376 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\nreg.exe     Size: 31,744 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\plugin.exe   Size: 171,008 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\ser.dat      Size: 93 bytes 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872415-GGFRT-TKMN-24F9-2154487HHGT8}

tested on Windows XP
October 15, 2005

MegaSecurity