QQsearch 1.80
(Backdoor.Win32.OICQSearch.180)

by ?

Written in Delphi

Released in February 2004

Made in China

Server:
dropped files:
c:\WINNT\use32.dat                    size: 6 bytes 
c:\WINNT\system32\fuse.dat            size: 60 bytes 
c:\WINNT\system32\msacs16.dll         size: 16.896 bytes 
c:\WINNT\system32\scanregw.exe        size: 114.696 bytes 
c:\WINNT\system32\drivers\notepad.exe size: 114.696 bytes
 
ports (TCP): 3426, 3427, 3428, 3431, 3432, 3433, 3434, 3435, 3436, 3437, 3438, 3439, 3430

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "scanregw"
data: C:\WINNT\system32\Scanregw.exe

HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
data: C:\WINNT\system32\drivers\notepad.exe %1  

MegaSecurity