Prosiak 0.70 beta 7 (b) server
(Backdoor.Win32.Prosiak 0.70.7.b)

by DeathSpy

Compressed with UPX

Made in Poland


dropped files:
c:\WINDOWS\SYSTEM\Command.dll   size: 219.456 bytes 
c:\WINDOWS\SYSTEM\mskbd.vxd     size: 0 bytes 
c:\WINDOWS\SYSTEM\ShlOpen32.dll size: 218.360 bytes 
c:\WINDOWS\SYSTEM\winproc.drv   size: 217.602 bytes 

port: 800, 23, 230, 102 TCP

added to registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "ProcServer"
data: winproc.drv 

HKEY_CLASSES_ROOT\batfile\shell\open\command "(Default)"
old data: "%1" %* 
new data: Command.dll "%1" %* 

HKEY_CLASSES_ROOT\comfile\shell\open\command "(Default)"
old data: "%1" %* 
new data: ShlOpen32.dll "%1" %* 

HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: ShlOpen32.dll "%1" %* 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RConfig


tested on Windows 98
December 15, 2004

MegaSecurity