Name: Bla 1.0

 

Main: Bla (client).exe 1.28 MB (1,342,976 bytes), Trojan.exe 63.1 KB (64,658 bytes)

 

Keys: The client and the server are both infected, so I have broken this into two parts.

 

Values added by Bla (client).exe:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "systemdoor"

                        Type: REG_SZ

                        Data: c:\windows\system\Rundll argp1

 

Values added by Trojan.exe:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "system"

                        Type: REG_SZ

                        Data: C:\UNZIPPED\BLA1.0\TROJAN.EXE

 

Version:  1.0

 

Type: Remote access trojan

 

Port/s used: 1042 TCP

 

Files: C:\WINDOWS\SYSTEM\Rundll.exe (64 KB); this file is added by the client.

 

Modifies: none

 

Aliases:  none

 

Behaviour: Once executed, the server file (trojan.exe) makes a very noticeable change to the computer. Everything slows right down, and older, less powerful systems may even crash.

 

Removal: Open regedit (go to Run, type regedit and click OK) and follow this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Look for the "system" value and/or the "systemdoor" value and delete whichever is present.

 

Reboot and delete:

C:\WINDOWS\SYSTEM\Rundll.exe
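
The same check as a script, added here as an example and not part of the original entry: it reports the two Run values and the dropped file named above, and deletes the values only when asked. The -Remove switch is a hypothetical name chosen for this example, and the script assumes it is run from an elevated PowerShell session.

```powershell
# Added example: audit (and optionally clean) the Bla 1.0 artifacts listed in this entry.
param([switch]$Remove)   # hypothetical switch: without it the script only reports

$runKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueNames = 'systemdoor', 'system'            # value names given in the entry
$dropped    = 'C:\WINDOWS\SYSTEM\Rundll.exe'    # file added by the client

$findings = @()
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
foreach ($name in $valueNames) {
    # -contains is case-insensitive, matching how the registry treats value names
    if ($key -and ($key.GetValueNames() -contains $name)) {
        $findings += [pscustomobject]@{
            Kind = 'RunValue'; Name = $name; Data = $key.GetValue($name)
        }
    }
}
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropped -Force
    $findings += [pscustomobject]@{
        Kind = 'File'; Name = $file.FullName; Data = "$($file.Length) bytes"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Bla 1.0 artifacts found.'
    return
}

# Show the data of each hit so it can be compared with the entry before
# anything is deleted; "system" is a generic name another program could use.
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($item in $findings) {
        if ($item.Kind -eq 'RunValue') {
            Remove-ItemProperty -Path $runKey -Name $item.Name
        }
    }
    # The entry says to reboot before deleting the file.
    Write-Output "Run values removed. Reboot, then delete $dropped"
}
```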

 

Special: The only thing special about this trojan is that the client and the server are both infected. This trojan is useless and actually just an annoyance.

 

Author: red Fred and blue Fred

 

Notes: Probably the worst-made trojan I have come across.