PcShare XST
(Backdoor.Win32.PcClient.sd for Client)
(Backdoor.Win32.PcClient.xc for Server)

by shesh

Written in Microsoft Visual C++

Released in May 2006

Made in China

more versions

 


Server:
dropped files:
c:\WINDOWS\system32\Zrjzmhau.dll    Size: 43,192 bytes 
c:\WINDOWS\system32\Zrjzmhau.ime    Size: 94,208 bytes 

added to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Multimedia\DrawDib
HKEY_USERS\S-1-5-18\Software\Microsoft\Multimedia\DrawDib

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS\Parameters "ServiceDll"
old data: %SystemRoot%\system32\sens.dll 
new data: %SystemRoot%\System32\Zrjzmhau.dll 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Parameters "ServiceDll"
old data: %SystemRoot%\system32\sens.dll 
new data: %SystemRoot%\System32\Zrjzmhau.dll 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sens\Parameters "ServiceDll"
data: %SystemRoot%\System32\Zrjzmhau.dll 



tested on Windows XP
July 11, 2007
MegaSecurity