| Name: | Badtrans |
| Aliases: | TROJ_BADTRANS.A, W32.Badtrans.13312@mm, I-WORM.BADTRANS, Win32.Badtrans.dll, DUNpws.av, W95/Badtrans.B@mm, Hooker, Backdoor.NK, Bad Transmission, PWS.AV |
| Ports: | |
| Files: | INETD.EXE, Kern32.exe, Kernel32.exe, Hkk32.exe, Hksdll.dll, Kdll.dll (5,632 bytes), Protocol.dll, Cp_23421.nls (??? bytes), Cp_25389.nls (??? bytes), fun.pif, Humor.TXT.pif, docs.scr, s3msong.MP3.pif, Sorry_about_yesterday.DOC.pif, Me_nude.AVI.pif, Card.pif, SETUP.pif, searchURL.scr, YOU_are_FAT!.TXT.pif, hamster.ZIP.scr, news_doc.scr, New_Napster_Site.DOC.SCR, README.TXT.pif, images.pif, Pics.ZIP.scr, Domscan.exe, Sysmc32.exe. Sizes listed without a file name: 10,623 bytes, 13,312 bytes, 29,020 bytes, 43,587 bytes |
| Created: | Apr 2001 |
| Requires: | |
| Actions: | Worm / Keylogger / Steals passwords / Mail trojan / Trojan dropper |
| Registers: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce |
| | HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows\ |
| | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellFoldersPersonal |
| | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Cache\PathsDirectory |
| Notes: | Works on Windows 95, 98, NT, 2000 and XP, together with MS Outlook, MS Outlook Express and MS Internet Explorer. Also works with other MAPI-enabled software. |
| Country: | written in Great Britain |
| Program: | |