Backdoor.Win32.VB.zb
(Backdoor.Win32.VB.zb)

by ?

Written in Visual Basic

more in this category 


Backdoor.Win32.VB.zb:
dropped file:
c:\WINDOWS\HOSTS           Size: 66 bytes       (Trojan.Win32.Qhost.ai)
c:\WINDOWS\winlogin.exe    Size: 90,112 bytes 

port: 22456, 6931 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows"
data: C:\WINDOWS\winlogin.exe 


attempts to connect to an IRC Server

tested on Windows XP
July 31, 2005
MegaSecurity