PcShare 2005 Build 1130 VIP
(Backdoor.Win32.PcClient.uc)
(Backdoor.Win32.PcClient.yv)
(Backdoor.Win32.PcClient.nu)
(Backdoor.Win32.PcClient.on)
(Backdoor.Win32.PcClient.is)
(Backdoor.Win32.PcClient.gv)
(Backdoor.Win32.PcClient.ir)
(Backdoor.Win32.PcClient.py)
(Backdoor.Win32.PcClient.ab)
(Rootkit.Win32.Agent.av for PcHide.sys)

by shesh

Written in Microsoft Visual C++

Released in December 2005

Made in China



Server:
added to registry:


Tested on Windows 2000
December 25, 2005


MegaSecurity