.: Allmachtig :.
Released 16 years, 6 months ago. Dec 2005
By ?::actions
Additional Details
- Coded by: ?
- Version: Allmachtig
- Released date: Dec 2005, 16 years, 6 months ago.
- Family: Allmachtig
- Category: Remote Access
MegaSecurity Notes
dropped files: c:\Documents and Settings\All Users\Documents\bat.bat Size: 408 bytes c:\Documents and Settings\All Users\Documents\CSRSS.exe Size: 103,936 bytes c:\Documents and Settings\All Users\Documents\end.bat Size: 274 bytes c:\Documents and Settings\All Users\Documents\ftp2.bat Size: 1,148 bytes c:\WINDOWS\Temp\Perflib_Perfdata_28c.dat Size: 16,384 bytes added to registr: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "*!system" data: C:\Docume~1\AllUse~1\Docume~1\CSRSS.exe HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDPWD\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDTCP\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDPWD\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDTCP\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP\Enum tested on Windows XP December 29, 2005
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.