Backdoor.Haxdoor. Viruses Information
Name: Backdoor.Haxdoor.
Category: Viruses
Description:
Details
Backdoor.Haxdoor.o
This is a backdoor remote administration program. It spreads via the Internet in infected e-mail messages, but only when commanded to do so by the author or operator of the program. It is packed using FSG; the packed file is 35792 bytes in size and the unpacked file is 103936 bytes.
Installation
Once launched, the program installs itself in the Windows system directory as w32_ss.exe. It then installs the other program modules on the victim machine:
debugg.dll - main module
sdmapi.sys *
boot32.sys *
c3.dll *
c3.sys *
c4.sys *
Note: Files marked with an asterisk (*) are installed only on systems running Windows NT/2000/XP.
The files are installed in the Windows system directory as follows:
System (Windows 9x)
System32 (Windows NT/2000/XP)
The program then registers itself in the system registry.
In systems running Windows 9x:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MPRServices\TestService]
DllName="debugg.dll"
EntryPoint="MemManager"
StackSize=0
In systems running Windows NT/2000/XP:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\debugg]
DllName="debugg.dll"
Startup="MemManager"
Impersonate=1
Asynchronous=1
MaxWait=1
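The Winlogon\Notify registration above is what lets debugg.dll load into winlogon.exe at every logon. The following is an added example, not code from the original page or from any vendor's tooling: it audits a text export of the Winlogon\Notify key (the layout produced by .reg exports) and flags notification packages whose DLL is not in a baseline list. The sample export, the baseline list and the helper names are constructed for this example.

```python
# Added example (not from the original page): audit a .reg-style export of
# the Winlogon\Notify key for entries like the one Backdoor.Haxdoor.o creates.
# Baseline of Notify packages shipped with Windows 2000/XP (assumption made
# for this demonstration; a real audit should derive it from a clean host).
KNOWN_GOOD = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "scecli.dll",
              "sclgntfy.dll", "wlnotify.dll"}

NOTIFY_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                 r"\CurrentVersion\Winlogon\Notify" + "\\")

def parse_reg_export(text):
    """Return {subkey_name: {value_name: data}} for every Notify subkey."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith(NOTIFY_PREFIX):
                current = path[len(NOTIFY_PREFIX):]
                keys[current] = {}
            else:
                current = None          # some other key; ignore its values
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            keys[current][name.strip('"')] = data.strip('"')
    return keys

def suspicious_notify_entries(text):
    """Flag Notify subkeys whose DllName is not a known Windows package."""
    findings = []
    for subkey, values in parse_reg_export(text).items():
        dll = values.get("DllName", "").lower()
        if dll and dll.rsplit("\\", 1)[-1] not in KNOWN_GOOD:
            findings.append((subkey, dll, values.get("Startup", "")))
    return findings

# Constructed sample export: one legitimate package and the Haxdoor entry.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"
"Startup"="ChainWlxStartupEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\debugg]
"DllName"="debugg.dll"
"Startup"="MemManager"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001
"""

if __name__ == "__main__":
    for subkey, dll, startup in suspicious_notify_entries(SAMPLE_EXPORT):
        print(f"suspicious Notify package: {subkey} -> {dll} (Startup={startup})")
```

On a live system the same check can be run against the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" notify.reg`.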
Payload:
The program opens port 16661 and waits for client machines to connect. It supports a wide range of remote administration commands; its main function is to intercept passwords on the victim machine and send them to the creator or operator of the program.
Mass mailing:
The program will mass-mail messages if commanded to by the client machine. The contents of the messages and the attachment type are chosen by the program's operator and will vary widely.