.: SuperBot Trojan 1.0 :.

Additional Details

• From: Romania
• Coded by: Ovivo
• Version: SuperBot Trojan 1.0
• Released date: Jun 2002, 20 years, 1 month ago.
• Coded in: Delphi
• Family: SuperBot Trojan 1.0
• Category: Remote Access

MegaSecurity Notes

Server:
dropped file:
c:\WINDOWS\SYSTEM\Runll32.exe 

size: 587.776 bytes

startup:
c:\windows\win.ini, [windows] "run" 

registry added:
HKEY_CURRENT_USER\Software\mIRC 
HKEY_CURRENT_USER\Software\mIRC\DateUsed 
HKEY_CLASSES_ROOT\.cha 
HKEY_CLASSES_ROOT\.chat 
HKEY_CLASSES_ROOT\ChatFile 
HKEY_CLASSES_ROOT\ChatFile\DefaultIcon 
HKEY_CLASSES_ROOT\ChatFile\Shell 
HKEY_CLASSES_ROOT\ChatFile\Shell\open 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\command 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Application 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\ifexec 
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Topic 
HKEY_CLASSES_ROOT\irc 
HKEY_CLASSES_ROOT\irc\DefaultIcon 
HKEY_CLASSES_ROOT\irc\Shell 
HKEY_CLASSES_ROOT\irc\Shell\open 
HKEY_CLASSES_ROOT\irc\Shell\open\command 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Application 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\ifexec 
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Topic 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC 

files added:
c:\WINDOWS\SYSTEM\bot.ini 
c:\WINDOWS\SYSTEM\canal.txt 
c:\WINDOWS\SYSTEM\canale.ini 
c:\WINDOWS\SYSTEM\cfg.ini 
c:\WINDOWS\SYSTEM\info.ini 
c:\WINDOWS\SYSTEM\join.ini 
c:\WINDOWS\SYSTEM\join.txt 
c:\WINDOWS\SYSTEM\master.ini 
c:\WINDOWS\SYSTEM\mirc.ini 
c:\WINDOWS\SYSTEM\pro.mrc 
c:\WINDOWS\SYSTEM\pro2.mrc 
c:\WINDOWS\SYSTEM\protection˛.conf 
c:\WINDOWS\SYSTEM\Runll32.exe 
c:\WINDOWS\SYSTEM\s.ini 
c:\WINDOWS\SYSTEM\super.ini 
c:\WINDOWS\SYSTEM\talk.ico 
c:\WINDOWS\SYSTEM\useri.ini 
c:\WINDOWS\SYSTEM\userul.ini 
c:\WINDOWS\SYSTEM\vxd.exe 
c:\WINDOWS\TEMP\temp12.exe