Trojan Program Thread

From: Mike Peterson (slidefxat_private)
Date: Fri Oct 19 2001 - 12:03:26 PDT

    It looks like the mystery Trojan is Mini Oblivion by
    the Rat Pack.  I have passed the iexplore.exe to
    General Description was that
    iexplore.exe was placed in c:\winnt\system32
    Five registry keys were found
    Web browser "C:\winnt\system32\iexplore.exe" 
    web browser "C:\winnt\system32\iexplore.exe" 
    "explorer.exe iexplore.exe"
    NT\CurrentVersion\Windows\Run "iexpIore.exe"
    NT\CurrentVersion\Windows\Load "iexpIore.exe"
    Thanks to everyone who responded.
    Web Page for Mini Oblivion
    (Not written by me)
    > Does anyone have information on an IRC Trojan with the
    > following characteristics?
    > Opens IRC channels on 6667 and connects to some IRC
    > channel on 6668.
    > It sets a registry key
    > web browser  =  "c:\winnt\system32\iexplore.exe"
    > And changes the shell
    > l
    > changes it from "Explorer.exe" to "Explorer.exe
    > iexplore.exe"
    > I found a 9 KB file named iexplore.exe in
    > c:\winnt\system32 and also found the iexplore.exe
    > process running.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 13:05:20 PDT
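
An added example, not part of the original message or the archive: a Python check for the three traits reported in the thread, namely a shell value with an extra program appended, the `iexpIore.exe` spelling (capital I) as printed in the Run and Load entries, and `iexplore.exe` referenced from a directory other than its usual one. The value name `Shell`, the expected install directory and the sample records are assumptions constructed for illustration.

```python
import ntpath

KNOWN = "iexplore.exe"
# Assumption: default install directory of the genuine browser binary.
EXPECTED_DIR = r"c:\program files\internet explorer"
CONFUSABLE = str.maketrans("i1|0", "lllo")

def skeleton(name):
    """Fold characters that look alike in many fonts (i, l, 1, |; 0, o)."""
    return name.lower().translate(CONFUSABLE)

def check_program(ref):
    """Findings for one program reference (bare name or full path)."""
    directory, name = ntpath.split(ref.strip('"'))
    findings = []
    if name.lower() != KNOWN and skeleton(name) == skeleton(KNOWN):
        findings.append("lookalike-name")
    # Only judge the location when the value actually gives a directory.
    if directory and name.lower() == KNOWN and directory.lower() != EXPECTED_DIR:
        findings.append("unexpected-location")
    return findings

def audit(value_name, data):
    """Findings for one registry value; Shell data is a command line."""
    if value_name.lower() == "shell":
        extra = data.split()[1:]  # anything after the shell program itself
        found = ["shell-extra-program"] if extra else []
        for prog in extra:
            found += check_program(prog)
        return found
    return check_program(data)

# Constructed sample: the values quoted in the message plus two clean baselines.
SAMPLE = [
    ("web browser", r"C:\winnt\system32\iexplore.exe"),
    ("Shell", "explorer.exe iexplore.exe"),
    ("Run", "iexpIore.exe"),
    ("Load", "iexpIore.exe"),
    ("Shell", "Explorer.exe"),
    ("web browser", r"C:\Program Files\Internet Explorer\iexplore.exe"),
]

def report(records):
    """Return (value name, data, findings) for every record with findings."""
    return [(n, d, f) for n, d in records if (f := audit(n, d))]

if __name__ == "__main__":
    for name, data, findings in report(SAMPLE):
        print(f"{name:12} {data:48} {', '.join(findings)}")
```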