sharK 0.5

sharK 0.5
(Trojan-PSW.Win32.IcqSmiley.e)
(not-a-virus:PSWTool.Win32.Messen.106)
(not-a-virus:PSWTool.Win32.Dialupass.f)
(not-a-virus:PSWTool.Win32.PassView.b)
(not-a-virus:PSWTool.Win32.MailPassView.130)
(Backdoor.Win32.Nucleroot.a)
(Trojan-PSW.Win32.Steam.f)

by sNiper109

Written in Visual Basic

Released in October 2006

more versions


Server:
dropped files:
c:\WINDOWS\mswinsck.ocx         Size: 108,336 bytes 
c:\WINDOWS\nkit.dll             Size: 44,544 bytes 
c:\WINDOWS\offlog.txt           Size: 132 bytes 
c:\WINDOWS\scvhost.exe          Size: 543,259 bytes 
c:\WINDOWS\shdef.exe            Size: 27,648 bytes 
c:\WINDOWS\system32\drivers\etc\hosts


startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "shdef"
data: C:\WINDOWS\shdef.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update"
data: C:\WINDOWS\scvhost.exe 



tested on Windows XP
October 18, 2006

MegaSecurity