TGA BackDoor 2.0

Released 18 years, 10 months ago. January 2006

Copyright © MegaSecurity

By TGA


Informations
From Brazil
Author TGA
Family TGA BackDoor
Category Remote Access
Version TGA BackDoor 2.0
Released Date Jan 2006, 18 years, 10 months ago.
Language Delphi
Additional Information
Server:
dropped file:
c:\WINDOWS\system\smss.exe
size: 271,393 bytes 

port: 6666, 29559, 456, 741 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe, C:\WINDOWS\system\smss.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusDisableNotify"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirstRunDisabled"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DisableNotifications"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DoNotAllowExceptions"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "Enablefirewall"
data: 00, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DisableNotifications"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DoNotAllowExceptions"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "Enablefirewall"
data: 00, 00, 00, 00 


tested on Windows XP
February 10, 2006

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.