Phoenix II


Name: Phoenix II
Aliases: Backdoor.Phoenix, BackDoor.RV.
Ports: 7410 (port can be changed to any port between 1024 and 32768)
Files: Phoenix2_1.29.zip - 389,356 bytes Phoenix2_1.30.zip - 390,243 bytes Phoenix2_1.40.zip - 452,856 bytes Phoenix2_1.41.zip - Phoenix2_1.42.zip - Phoenix2_1.43.zip - Phoenix2_1.44.zip - Phoenix2_1.45.zip - Phoenix2_1.46.zip - Phoenix2_1.60.zip - Phoenix2_1.61.zip - Phoenix2_1.74.zip - Phoenix2_1.80.zip - Phoenix2_1.90.zip - Ph2_128.zip - Ph2_129.zip - Ph2_130.zip - Ph2_140.zip - Ph2_141.zip - Ph2_142.zip - Ph2_143.zip - Ph2_144.zip - Ph2_145.zip - Ph2_146.zip - Ph2_150.zip - Ph2_160b.zip - Ph2_161b.rar - Ph2_162b.rar - Ph2_163b_bugfix.rar - Ph2_164.rar - Ph2_172b.rar - Ph2_180b.rar - Phserver.exe - 200,704 bytes Phserver.exe - 204,800 bytes Phclient.exe - 589,824 bytes Srvrcfg.exe - 147,456 bytes Msatrib.exe - [196 kb] .exe - ~utsalri.exe - Phcleaner.exe - ~p2.exe - Ctwdm16.exe - Ctcheklv.exe - Ssdpcache.exe - - 221,184 bytes
Created: Jul 2001
Requires:
Actions: Remote Access
Registers: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Notes: Works on Windows 95, 98, ME, NT, 2000 and XP.
Country: written in Italy
Program: Written in VisualC++.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>