GWGhost 2.71
(Backdoor.Win32.GWGirl.27)
(Backdoor.Win32.GWGirl.271 for Server)

by Machine_GW

Compressed with ASPack

Made in China

Released in April 2000

more versions 




Server:
c:\WINDOWS\SYSTEM\scanregw.exe 

size: 37.120 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry" 
Old data: C:\WINDOWS\scanregw.exe /autorun 
New data: C:\WINDOWS\SYSTEM\SCANREGW.EXE /autorun 

added:
c:\WINDOWS\SYSTEM\DXInput.dll
MegaSecurity