PS Devil 2.2 Pro

PS Devil 2.2 Pro
(Backdoor.Win32.Vb.qb for Server)
(Trojan-PSW.Win32.VB.gi for EditServer)

by s8t8s & LoveR StudEnt

Written in Visual Basic

Released in February 2004

Made in the Middle East




Server:
dropped file:
c:\WINDOWS\SYSTEM\DOSDLL32.EXE

size: 160.000 bytes
 
port: 9009, 2230, 2231 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "DOSDLL32"
data: C:\WINDOWS\SYSTEM\DOSDLL32.exe 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "DOSDLL32"
data: C:\WINDOWS\SYSTEM\DOSDLL32.exe

MegaSecurity