WinROOT 1.43
(Backdoor.Win32.WinROOT.100)
(Server not detected by KAV on December 10, 2005)

by dem0nseed

Written in Visual Basic

# Release Notes for 01-02: (v1.40 - v1.43)

     -- dem0nseed --
      + I added the 'help' command to the remote console. Now you can look up
        the commands while in the console rather than searching for the
        readme. 
      + The server returns more information when the 'Get System Information'
        button is clicked.
      + Fixed a few bugs here-and-there
        - The password protection vulnerability was never fixed because it doesn't
          pose a problem to me. Not many people use the password protection.
          If you feel it IS a problem, then contact me and I will fix it. But for
          right now I will leave it because if you forget the server password...
          you can get around it *if you know how* ;-)
      + Added the return of an AOL Instant Messenger encoded password!


Server:
dropped file:
c:\WINDOWS\system\REGDLL32.EXE
size: 61,440 bytes 

port: 4842 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinROOT"
data: c:\windows\system\REGDLL32.EXE 




tested on Windows XP
December 10, 2005

MegaSecurity