Name: Admin.Troj.Kikzyurarse

 

Main: ATK.exe (size 30.5 kb), atk.dll (size 30 kb)

 

Keys: values added

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU:P:\hamvccrq\Nqzva.Gebw.Xvxmlhenefr\NGX.rkr"

                        Type: REG_BINARY

                        Data: 51, 00, 00, 00, 06, 00, 00, 00, 20, 63, 9A, AC, 11, B7, C0, 01

 

Version: N.A.

 

Type:  Windows NT admin kit

 

Port/s used:  none

 

Files:  none

 

Modifies:  none

 

Aliases:  none  

 

Behaviour: installs, then asks 2 questions, allowing the person installing it to get admin status. This is a local exploit.

 

Removal: trojan removes itself on reboot

 

 

Special: get any privilege you wish on a Windows NT machine

 

Author: NoName Security Inc.

 

Notes: this is not a remote access trojan; it is a local exploit used to gain admin status. It's not really a trojan as such.