Ontarget 1.2.2
(Backdoor.Win32.VB.gen for Server)
(not-a-virus:RemoteAdmin.Win32.WinVNC-based.b)
(not-a-virus:PSWTool.Win32.PassViewer)

by Ontarget

lsaas.exe written in Visual Basic
pchealth.exe written in Borland C++, based on source of VNC

Released in November 2003

Made in Colombia


Server:
dropped files:
c:\WINDOWS\lsasss.exe                 size: 221.184 bytes 
c:\WINDOWS\pchealth\pchealth.exe      size: 443.392 bytes 
c:\WINDOWS\pchealth\VNCHooks.dll 
c:\WINDOWS\SYSTEM32\wbem\plushot.exe 
c:\WINDOWS\SYSTEM32\wbem\secrcw32.exe  

port: 2000, 5800, 5900, 9908, 9909 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "LettShellLangID" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "LettShellLangID" 

MegaSecurity