Tonerok

Released 20 years, 8 months ago. January 2004

Copyright © MegaSecurity

By ?


Information
From: ?
Author: ?
Family: Tonerok
Category: Remote Access
Version: Tonerok
Release date: Jan 2004, 20 years, 8 months ago.
Language: VBScript, compressed with UPX
Additional Information
Server:
dropped file:
c:\%WinDir%\svchost.exe 

size: 13.824 bytes 

port: 10002, 1154 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Online Service" 

registry added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Mserv "IDwin" 

dropped files:
c:\WINDOWS\mserv.exe           (Trojan.Win32.Killav.br)
c:\WINDOWS\msto32.dll          (Backdoor.Tonerok)
c:\WINDOWS\sysini.ini          (contents: "***Computer was successfully infected***")
c:\WINDOWS\SYSTEM\wingua.exe   (Trojan.Win32.Killav.br)
c:\WINDOWS\svchost.exe         (Backdoor.Tonerok)
 
Backdoor.Tonerok tries to download and execute several files (1.exe, 2.exe and 3.exe) from "http://trojanerdok.narod.ru" (Russia).
It is capable of disabling some anti-virus programs.
The contents of the folders "c:\WINDOWS\Cookies\" and "c:\WINDOWS\Temporary Internet Files\" are deleted.
