Name: AckCmd

 

Main: AckCmdS.exe      28kbs

 

Keys: value added

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU:P:\hamvccrq\Npxpzq\NpxPzqF.rkr"

                        Type: REG_BINARY

                        Data: 51, 00, 00, 00, 06, 00, 00, 00, 60, 45, CC, 77, 01, B7, C0, 01

 

Version: beta/demo

 

Type:  Remote access/administration

 

Port/s used:  80 ACK segments and 1054 ACK segments

 

Files:  none added

 

Modifies:  none

 

Aliases:  none  

 

Behaviour: The server takes a while to execute and freezes up the system slightly.

 

Removal:

Server does not auto load on reboot, so simply rebooting will kill the server. Then delete AckCmdS.exe.

 

Special: This trojan is not really a major threat, but if refined and made easier to use it could be. The trojan communicates using TCP ACK segments and shows that a trojan using such communication could go around some firewalls.

 

Author: NA

 

Notes: NA