NokNok 8.1
(Backdoor.Win32.Noknok.80.c)

by V.P.

Written in Delphi

Released in September 2000

Made in Lithuania

more versions


Server:
dropped file:
c:\WINDOWS\scanreg.exe
size: 287.232 bytes 

port: 1130, 11306, 661 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry"
old data: C:\WINDOWS\scanregw.exe /autorun 
new data: c:\windows\scanreg.exe 

tested on Windows 98
08 November 2004

MegaSecurity