X-door[F331]

X-door[F331]
(Trojan.Win32.Genome.gsp)
(Backdoor.Win32.Agent.emw)
(Backdoor.Win32.Agent.eeo)

by ?

Released in November 2007

Made in China


Server
Dropped Files:
c:\WINDOWS\system32\server.dll      Size: 151,552 bytes 
c:\WINDOWS\system32\xinstall.dll    Size: 176 bytes 

Startup:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IRMON\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Irmon\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Irmon\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Irmon\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IRMON\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Irmon\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Irmon\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Irmon\Security


Tested on Windows XP
April 30, 2008

MegaSecurity