Blaster Worm remover
Released 21 years, 2 months ago. September 2003
Copyright © MegaSecurity
By System33r
Informations
| Author | System33r |
| Family | Blastit |
| Category | Remote Access |
| Version | Blaster Worm remover |
| Released Date | Sep 2003, 21 years, 2 months ago. |
| Language | C, compressed with UPX |
Additional Information
dropped file:
c:\WINNT\system32\tftp32.exe size: 22.560 bytes
port: 113 TCP
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Wininit Command"
data: wininit.exe W
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Windows Wininit Command"
data: wininit.exe W
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: explorer.exe wininit.exe
KEY_CURRENT_USER\Software\VB and VBA Program Settings\BlastIT16\Settings
Tries to connect to specified IRC server
tested on win2000If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.