|
| Name: | BLA trojan |
| Aliases: | N/A |
| Ports: | 666, 1042, 20331 |
| Files: | Dbla.zip - 307,489 bytes Bla.zip - 305,115 bytes Bla1.0.zip - 310,684 bytes Bla20.zip - 615,572 bytes Bla40.zip - 603,821 bytes Bla5.01.zip - Bla502.zip - Bla503.zip - 838,477 bytes Bla51.zip - Trojan.exe - 64,658 bytes Trojan.exe - 91,032 bytes Blaclient.exe - 1,359,360 bytes Bla(client).exe - 1,342,976 bytes Bla501 tcp proxy.exe - Bla501trojan.exe - Blaclient.exe - Blaclient2.exe - Blaaaaa.exe - 1,284,096 bytes Blaaaaa.exe - 1,330,688 bytes Msv32.dll - 64,658 bytes Msv32.dll - 144,896 bytes Msv32-1.dll - Scanirc.exe - 303,616 bytes "renamed server".exe - 217,600 bytes Mprdll.exe - Asian trojan.exe - 192,512 bytes Tcpload.exe - 255,488 bytes Tcpproxy.exe - 32,768 bytes Module.ini - 78 bytes Normal trojan.exe - 217,088 bytes Salope trojan.exe - 229,376 bytes Self extract.exe - 94,208 bytes Log.txt - ??? bytes |
| Created: | Mar 1999 |
| Requires: | N/A |
| Actions: | Remote Access / Steals passwords |
| | The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software. |
| Versions: | 1.0, 1.1, 2.0, 4.0, 5.01, 5.02, 5.03, 5.1, |
| Registers: | HLM\Software\Microsoft\Windows\CurrentVersion\Run\ |
| Notes: | Works on Windows 95 and 98. |
| Country: | written in France |
| Program: | N/A |
 Using the Process Monitor from AATools, you will see whether any foreign
programs are running on your computer. If you find some unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.
Using the AATools Network Monitor, you can see what ports are in use on
your local PC for connection with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor will display you the services that are active on
the ports, and map the ports to their respective applications. If you register
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network. Using the
Registry Cleaner (Startup section) from AATools, you will see
the list of programs that are registered under Run, RunOnce, RunOnceEx and
RunService registry keys. So you can find out what programs are started behind
your back. You should check these programs to see they are legitimate ones but
not Trojans programs.
0-C | D-H | I-N
| O-S | T-Z
If you have any questions or information about ports used by Trojans not
listed above, please contact us. |
