.: SuperBot Trojan 1.0 :.
Released 20 years, 1 month ago. Jun 2002
By Ovivo
Additional Details
- From: Romania
- Coded by: Ovivo
- Version: SuperBot Trojan 1.0
- Released date: Jun 2002, 20 years, 1 month ago.
- Coded in: Delphi
- Family: SuperBot Trojan 1.0
- Category: Remote Access
MegaSecurity Notes
Server:
- dropped file: c:\WINDOWS\SYSTEM\Runll32.exe
- size: 587.776 bytes
- startup: c:\windows\win.ini, [windows] "run"

registry added:
- HKEY_CURRENT_USER\Software\mIRC
- HKEY_CURRENT_USER\Software\mIRC\DateUsed
- HKEY_CLASSES_ROOT\.cha
- HKEY_CLASSES_ROOT\.chat
- HKEY_CLASSES_ROOT\ChatFile
- HKEY_CLASSES_ROOT\ChatFile\DefaultIcon
- HKEY_CLASSES_ROOT\ChatFile\Shell
- HKEY_CLASSES_ROOT\ChatFile\Shell\open
- HKEY_CLASSES_ROOT\ChatFile\Shell\open\command
- HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec
- HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Application
- HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\ifexec
- HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Topic
- HKEY_CLASSES_ROOT\irc
- HKEY_CLASSES_ROOT\irc\DefaultIcon
- HKEY_CLASSES_ROOT\irc\Shell
- HKEY_CLASSES_ROOT\irc\Shell\open
- HKEY_CLASSES_ROOT\irc\Shell\open\command
- HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec
- HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Application
- HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\ifexec
- HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Topic
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC

files added:
- c:\WINDOWS\SYSTEM\bot.ini
- c:\WINDOWS\SYSTEM\canal.txt
- c:\WINDOWS\SYSTEM\canale.ini
- c:\WINDOWS\SYSTEM\cfg.ini
- c:\WINDOWS\SYSTEM\info.ini
- c:\WINDOWS\SYSTEM\join.ini
- c:\WINDOWS\SYSTEM\join.txt
- c:\WINDOWS\SYSTEM\master.ini
- c:\WINDOWS\SYSTEM\mirc.ini
- c:\WINDOWS\SYSTEM\pro.mrc
- c:\WINDOWS\SYSTEM\pro2.mrc
- c:\WINDOWS\SYSTEM\protection˛.conf
- c:\WINDOWS\SYSTEM\Runll32.exe
- c:\WINDOWS\SYSTEM\s.ini
- c:\WINDOWS\SYSTEM\super.ini
- c:\WINDOWS\SYSTEM\talk.ico
- c:\WINDOWS\SYSTEM\useri.ini
- c:\WINDOWS\SYSTEM\userul.ini
- c:\WINDOWS\SYSTEM\vxd.exe
- c:\WINDOWS\TEMP\temp12.exe