Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:26/10/2005
Type:Backdoor Server
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:679.936 Bytes
MD5 checksum:c7799eab76b0ef5b1b1548e50c284c3d
VDF version:

 General Method of propagation:
   • No own spreading routine

   •  Kaspersky: Backdoor.Win32.VB.arl
   •  F-Secure: Backdoor.Win32.VB.arl
   •  Sophos: Troj/VB-BWZ
   •  Grisoft: BackDoor.Generic.BBA
   •  Bitdefender: Backdoor.Icebrak.E

Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Registry modification
   • Third party control

 Files It copies itself to the following location:
   • %SYSDIR%\server.exe

 Registry The following registry key is added in order to run the process after reboot:

   • "Norton001"="%SYSDIR%\server.exe"

 Backdoor The following ports are opened:

server.exe on TCP port 66
server.exe on TCP port 4433
server.exe on TCP port 5024
server.exe on TCP port 5600
server.exe on TCP port 6666

 File details Programming language:
The malware program was written in Visual Basic.

Description inserted by Adriana Popa on Friday, November 10, 2006
Description updated by Adriana Popa on Friday, November 10, 2006

Back . . . .