Tonerok
Released 20 years, 10 months ago. January 2004
Copyright © MegaSecurity
By ?
Information
From | ? |
Author | ? |
Family | Tonerok |
Category | Remote Access |
Version | Tonerok |
Released Date | Jan 2004, 20 years, 10 months ago. |
Language | VBScript, compressed with UPX |
Additional Information
Server:
dropped file:
c:\%WinDir%\svchost.exe
size: 13.824 bytes
port: 10002, 1154 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Online Service"
registry added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Mserv "IDwin"
dropped files:
c:\WINDOWS\mserv.exe (Trojan.Win32.Killav.br)
c:\WINDOWS\msto32.dll (Backdoor.Tonerok)
c:\WINDOWS\sysini.ini (contents: "***Computer was successfully infected***")
c:\WINDOWS\SYSTEM\wingua.exe (Trojan.Win32.Killav.br)
c:\WINDOWS\svchost.exe (Backdoor.Tonerok)
Backdoor.Tonerok tries to download and execute several files (1.exe, 2.exe and 3.exe) from "http://trojanerdok.narod.ru" (Russia).
It is capable of disabling some anti-virus programs.
The content of the folders "c:\WINDOWS\Cookies\" and "c:\WINDOWS\Temporary Internet Files\" is deleted.