PC Invader 0.7alfa6
(Backdoor.Win32.PCInvader.07.a6)

by Heraldo J. A. Carneiro Filho

Compressed with PEtite

Released in May 1999

more versions


Server:
dropped files:
c:\WINDOWS\AsdDLL32.exe         size: 240.411 bytes 
c:\WINDOWS\SYSTEM\Mprexe16.com  size: 240.411 bytes 
c:\WINDOWS\SYSTEM\PCIDev32.exe  size: 240.411 bytes 

port: 14500, 14502, 14503, 14501 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PCI Device 32"
data: C:\WINDOWS\SYSTEM\PCIDev32.exe 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WIN16/DOS Network Interface Service Process"
data: C:\WINDOWS\SYSTEM\Mprexe16.com 

c:\windows\win.ini, [windows] "run"
value: C:\WINDOWS\AsdDLL32.exe
 
tested on Windows 98
November 17, 2004

MegaSecurity