Acid Shivers


Name: Acid Shivers
Aliases: Acid Shiver, BackDoor.AcidShiver.516, Acid Shiver.c, Trojan.PSW.AcidShiver
Ports: 10520, and at random between 10,000 and 65,000
Files: Acid.zip - 24,309 bytes
Acidshiver.zip - 98,801 bytes
Acidshivers.zip - 70,451 bytes
Acidshivers.zip - 71,273 bytes
Acidshivers01.zip - 157,540 bytes
Acid Shiver v1.0.zip - 256,047 bytes
As-500os.zip - 23,929 bytes
Acid setup.zip - 2,037 bytes
Imacid.zip - 72,132 bytes
Setup.exe - 14,336 bytes
Acid setup.exe - 14,336 bytes
Acid setup.vbp - 672 bytes
Acid setup.vbw - 52 bytes
Acidshiver.exe - 123,097 bytes
Acidshivers.exe - 186,368 bytes
Infected.exe - 186,379 bytes
Msvbvm50.dll -
Mswinsck.ocx -
Comdlg32.ocx -
Msgsvr16.exe -
Created: Aug 1997
Requires: Msvbvm50.dll, Mswinsck.ocx and Comdlg32.ocx are required to run the trojan.
Actions: Anti-protection trojan / Remote Access / Steals passwords
Registers: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
Notes: Works on Windows 95, 98 and NT. Also uses Telnet as client.
Country:
Program: Written in Visual Basic 5.0.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>