OICQsearch 1.62
(Backdoor.Win32.OICQSearch.165 for Client)
(Trojan-Dropper.Win32.Delf.bh for Server)

by ?

Written in Delphi

Released in October 2002

Made in China

Server:
C:\WINDOWS\SYSTEM\taskmon.dep 

size: 200.958 bytes

port: 102, 2648 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "TaskMonitor" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry" 
Old data: C:\WINDOWS\scanregw.exe /autorun 
New data: C:\WINDOWS\SYSTEM\scanregw.exe 

added to registry:
HKEY_LOCAL_MACHINE\.dep "(Default)" 
Type: REG_SZ 
Data: exefile 

added files:
c:\WINDOWS\SYSTEM\fuse.dat 
c:\WINDOWS\TEMP\s_temp.jpg 

MegaSecurity