|
by Ontarget
Written in Visual Basic, based on source of VNC
Released in August 2003
Made in Colombia
|
|
Installer "huevocartoon.exe" pops up a cartoon webpage. Installer "orisinal.exe" looks like a "Orisinal Games Setup" Server: dropped files: c:\WINDOWS\lsass.exe size: 249.856 bytes c:\WINDOWS\pchealth\pchealth.exe size: 443.392 bytes c:\Program Files\Huevocartoon\huevocartoon.htm c:\WINDOWS\ISS.set c:\WINDOWS\lsass.exe c:\WINDOWS\MicrosotfDirectx.txt c:\WINDOWS\Desktop\Huevocartoon.lnk c:\WINDOWS\pchealth\pchealth.exe c:\WINDOWS\pchealth\VNCHooks.dll c:\WINDOWS\Start Menu\Programma's\Huevocartoon\Huevocartoon.lnk c:\WINDOWS\SYSTEM32\wbem\pluscold.exe c:\WINDOWS\SYSTEM32\wbem\plushot.exe c:\WINDOWS\SYSTEM32\wbem\secrcw32.exe c:\WINDOWS\SYSTEM32\wbem\trnsprov.swf c:\WINDOWS\SYSTEM32\wbem\tscfgwmi.swf port: 2000, 5555, 5800, 5900, 9908, 9909 TCP startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunMegaSecurity