R0xr4t


Name: R0xr4t
Aliases: Roxrat, Backdoor.Roxrat, Backdoor.AIQ,
Ports: 2150, 5050, 15000, 50551, 50552, 60551, 60552
Files: R0xr4t v1.0b.zip - 785,478 bytes R0xr4t10b1.zip - R0xr4t10b2.zip - R0xr4t10.zip - R0xr4t11.zip - Server.exe - 562,688 bytes R0xr4t.exe - 221,184 bytes Rundll666.exe - Runvxd32.exe - Editserver.exe - 199,168 bytes Msrunner.exe - Mzsystem.exe - Pic.jpg.exe - Upx.exe - 91,136 bytes - 602,624 bytes
Created: Jun 2002
Requires:
Actions: Anti-protection trojan / Remote Access / Keylogger / Steals passwords / FTP server
Registers: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
HKEY_CLASSES_ROOT\txtfile\shell\open\command\
Notes: Works on Windows 95, 98, ME, NT, 2000 and XP.
Country: written in Brazil
Program: Written in Delphi 5.0.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>