(Backdoor.Win32.Wollf.c)
by Wollf
Telnet Server
Written in C++, compressed with UPX
Released in 2002
Made in China
dropped file: c:\WINDOWS\system32\wrm.exe size: 58,173 bytes port: 7614 TCP added to registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WRM HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WRM HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WRM\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WRM tested on Windows XP November 27, 2005MegaSecurity