shown while installing backdoor
by Ontarget
Released in May 2004
Made in Colombia
dropped files: c:\WINNT\system32\ntosrnl.exe size: 448.000 bytes c:\WINNT\system32\tokkun2.exe size: 24.576 bytes c:\WINNT\system32\tokkun2.swf size: 41.413 bytes c:\WINNT\system32\VNCHooks.dll size: 60.928 bytes port: 5800, 5900 TCP added to registry: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\ntosrnl.exe HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\tokkun2.exe HKEY_CURRENT_USER\Software\ORL\WinVNC3 HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "DVDUpgrd" data: C:\WINDOWS\system32\ntosrnl.exe tested on win2000MegaSecurity