by Migl
Written in Visual Basic
Released in january 2003
Made in The Netherlands
[What does this program do?] When this program is opened by the victim, it will start its search for Word-documents, Textfiles, Inifiles, Batchfiles , every important file on the victims computer will be found and copied into a directory. That directory will be shared with all WinMX users. The trojan adds the extension '.avi' to every file in that folder, else the files cannot be found on the WinMX network. When the search is over, the program adds itself to the registry to make sure that he can refresh the folder every 10 days. [How can I find his/her Files on the internet when he's infected?] Just add the victim to your hotlist, right-klick on his/her name and klick 'browse'. All the files that he shares on the WinMX network will be shown. When he has opened the trojan some weird filenames are added like 'document1.doc.avi' Remove the extension .avi to view the file that you've downloaded. [What can I do with this program?] All his Word-documents that are stored in the [my documents] folder, will be shared with the WinMX network. All you have to do is download his files from WinMX! [In which directories will be searched for files?] There will be searched for important files in: - C:\ X - C:\windows\system X - C:\windows\system32 X - C:\windows X - C:\mijn documenten - C:\my documents - [my documents folder stored in registry] An 'X' means that there will only be searched for *.dll , *.log , *.bat and *.ini files in that folder. Other folders will be completely searched (except subfolders). [IMPORTANT] When the filename of the program is 'winmxtrjn' , a help menu will appear with more information. So don't send it to your victim with this filename! The program must be send with the extensions .scr or .exe, else the program won't work. The filename of the program may be changed in everything of course. MiglMegaSecurity