TroDjan 2.0
(Backdoor.Win32.Agent.ron)
(not-a-virus:RemoteAdmin.Win32.WinVNC.j)
(not-a-virus:PSWTool.Win32.Messen.aq)

by Kaju

Written in Delphi

Released in September 2008

Made in Brazil

more versions

 


Server
Dropped Files:
c:\WINDOWS\system32\wins.sys               Size: 462 bytes 
c:\WINDOWS\system32\drivers\AUTORUN.inf    Size: 79 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows NT"
Data: C:\WINDOWS\system32\win\smss.com  




Tested on Windows XP
September 21, 2008
MegaSecurity