The Torment Remote 1.02
(Backdoor.Win32.VB.nk)

by MaCrOBiTo h2o

Written in Visual Basic

Released in October 2003


Client:
registry added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Currency" 

file added:
c:\WINDOWS\ListIP.ini 



Server:
c:\WINDOWS\macroWIN32\services.exe 

size: 331.776 bytes
 
port: 11988 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Currency" 
Data: C:\WINDOWS\macroWIN32\services.exe 

added:
c:\WINDOWS\Conectadas Torment 1.02.ini 
c:\WINDOWS\lector offline.txt
MegaSecurity