Winter Love 2.0 DIY
(Backdoor.Win32.WinterLove.f)
(Trojan.Win32.Regger.m)

by plunix

Written in Microsoft Visual C++

Released in March 2005

Made in China



Base config:
server port :           [ 3043 ]
server password :       [ plunix ]
password tips :         [ Need Password: ]
cmd message :           [ [plunix@root]# ]

Service config:
service name :          [ MySrvShell ]
service displayname :   [ MySrvShell Service ]
service description :   [ Provide Windows CmdShell Class Service ]

Ftp service config:
ftp port :              [ 21 ]
ftp login name :        [ plunix ]
ftp login pass :        [ plunix ]
ftp path :              [ MyFtp ]




Server:
port: 3043 TCP

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MYSRVSHELL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MYSRVSHELL\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MYSRVSHELL\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySrvShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySrvShell\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySrvShell\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYSRVSHELL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYSRVSHELL\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYSRVSHELL\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MySrvShell
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MySrvShell\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MySrvShell\Security



tested on Windows 2000
March 12, 2005

MegaSecurity