WinROOT 1.44
(Backdoor.Win32.WinROOT.100 for PwBypass.exe)
(Not detected by KAV on December 11, 2005 for Server)

by dem0nseed

Written in Visual Basic

Released in January 2002

more versions

 


# Release Notes for 01-03: (v1.43 - v1.44)

     -- dem0nseed --
      + Added a new command subset, the 'Explorer Commands' subset. With these functions you can
        show/hide the Windows Desktop Icons and show/Hide the Windows Taskbar with one click!


Server:
dropped file:
c:\WINDOWS\system\REGDLL32.EXE
size: 86,016 bytes 

port: 4842 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinROOT"
data: c:\windows\system\SYSTEM32.EXE 



tested on Windows XP
December 11, 2005
MegaSecurity