Telserver 3.0
(Backdoor.Win32.Telserver.a)
(Backdoor.Win32.Telserv.30)
(not-a-virus:Server-FTP.Win32.Tftpd.c for tftp.exe)

by CNhonker

Written in Visual Basic

Released in May 2002

Made in China

more versions


Server:
dropped file:
C:\WINDOWS\expleror.exe 

size: 22.016 bytes

port: 50, 51 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SERVERS" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce "SERVERS" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "SERVERS" 
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" 

remark:
Does not restart while "C:\WINDOWS\expleror.exe" is not created

MegaSecurity