A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
#4977  by EP_X0FF
Wed Feb 09, 2011 4:13 pm
jku.exe - VB Trojan Downloader (nemliler\downlaoder\source\source.vbp)

http://www.virustotal.com/file-scan/rep ... 1297267042
hxxp://www.google.com.tr/url?sa=t&source=web&cd=63&ved=0CCEQFjACODw&url=http%3A%2F%2Fwww.wmdestek.com%2Fwebmaster-genel-konular%2F&rct=j&q=webmaster%20destek&ei=HKJRTYiLAorLswaGquzWBg&usg=AFQjCNFFUbaiqyou41_FzCPEMEdrYwJUpA
Runs through HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\winlogon as SVSHOST

s.exe
son2.exe

IRC Backdoor rxBot (too many sensitive strings in the unpacked sample to post here)

http://www.virustotal.com/file-scan/rep ... 1297267767
http://www.virustotal.com/file-scan/rep ... 1297267206
This mod of rxBot is dedicated to Pia Gerhardt (nameless@efnet/ircnet), the Beautiful Operatress from Heaven (or Bitch Operatress from Hell?) who I love so much.
Runs through
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

as C:\WINDOWS\system32\scan.exe (s.exe runs as agl.exe)

Thread name changed to be more descriptive
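The persistence described in this thread (Run-key values named after Windows components, a process name one letter off from svchost, scan.exe / agl.exe dropped into system32) can be triaged from `reg query` output. The script below is an added example, not code from the thread; the registry output is constructed to mimic the samples, and the file name `SVSHOST.exe` is an assumption based on the post saying the downloader runs "as SVSHOST".

```python
import re
from typing import Dict, List

# Constructed sample, mimicking `reg query <key>` output; not real data from the thread's samples.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    winlogon    REG_SZ    C:\Users\alice\AppData\Roaming\SVSHOST.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    scan    REG_SZ    C:\WINDOWS\system32\scan.exe
"""

# Windows never registers its own core components under a Run key; a value with one of these names is a red flag.
SYSTEM_COMPONENT_NAMES = {"winlogon", "svchost", "csrss", "lsass", "services", "smss"}
# File names taken from the thread (svshost.exe is the assumed spelling of "SVSHOST").
PAGE_INDICATORS = {"scan.exe", "agl.exe", "svshost.exe"}

def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_reg_query(text: str) -> List[Dict[str, str]]:
    """Turn `reg query` output into {key, name, type, data} rows (key lines are unindented)."""
    rows, key = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            key = line.strip()
            continue
        m = re.match(r"\s+(\S+)\s+(REG_\w+)\s+(.*)$", line)
        if m and key:
            rows.append({"key": key, "name": m.group(1), "type": m.group(2), "data": m.group(3)})
    return rows

def exe_basename(data: str) -> str:
    # Take the executable path (quoted or first token), then the file name after the last backslash.
    first = data.strip().split('"')[1] if data.startswith('"') else data.split()[0]
    return first.rsplit("\\", 1)[-1].lower()

def suspicious_autoruns(rows: List[Dict[str, str]]):
    findings = []
    for r in rows:
        exe, reasons = exe_basename(r["data"]), []
        if r["name"].lower() in SYSTEM_COMPONENT_NAMES:
            reasons.append("value name impersonates a Windows component")
        if exe in PAGE_INDICATORS:
            reasons.append("file name matches a known indicator")
        stem = exe.rsplit(".", 1)[0]
        if stem != "svchost" and levenshtein(stem, "svchost") == 1:
            reasons.append("file name is a near-miss of svchost")
        if reasons:
            findings.append((r["key"], r["name"], exe, reasons))
    return findings
```

Run `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` (and the HKLM key) on a suspect host and feed the output to `parse_reg_query` to apply the same checks to live data.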