Name: Ajan 1.1
Keys: value added
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
"HRZR_EHACNGU:P:\hamvccrq\Nwna1.1\NwnaFrei.rkr"
Type: REG_BINARY
Data: 51, 00, 00, 00, 06, 00, 00, 00, 40, 6C, AA, D8, 2E, B7, C0, 01
Version: 1.1
Type: Password emailer
Port/s used: 25
Files: none
Modifies: none
Aliases: none
Behaviour: once executed, it tries to make your default dial-up networking
(DUN) connection connect to the internet, in order to send the passwords it
has gathered to the hacker who configured the server.
Removal: does not auto-load on reboot; delete AjanServ.exe (28K) and
Ajanbase.exe (40kbs) to remove.
Special: this trojan comes with a binding program allowing the hacker to bind
(combine) the trojan with any legitimate software, e.g. a small game.
Author: cHaLLeNge - coder of The RedHack Team
Notes: to protect yourself fully from these sorts of trojans, it is important
never to use the option, sometimes offered by web browsers and programs, to
remember your password. This stores your password in a cache file on your
computer, where a password-stealing trojan such as this can easily steal it.