Tomek
(Backdoor.Win32.Tomek.a)

by BugMaster

Written in Visual Basic

more in this category 


Server:
dropped files:
c:\windows\system\vmm32\winsock.exe size: 94.208 bytes
c:\WINDOWS\SYSTEM\VMM32\JPGMaker.ocx 

Port: 23 TCP

Startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "Memory"
MegaSecurity