Wollf (f)

(Backdoor.Win32.Wollf.f)

by Wollf

Telnet Server

Written in C++

Made in China

more versions 


dropped file:
c:\WINDOWS\system32\tcpdrv.exe
size: 79,440 bytes 

port: 32 TCP

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TCPHNDL\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcphndl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPHNDL\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcphndl



tested on Windows XP
February 27, 2006
MegaSecurity