Name:	Barok
Aliases:	Barock, Win-Bugsfix.exe,
Ports:	25 (port can not be changed)
Files:	Barock.zip - 342,607 bytes Barok10.zip - 339,720 bytes Barok20.zip - 342,345 bytes Barok2.zip - 345,481 bytes Barok21.zip - 34,696 bytes Barok2.1.zip - 35,287 bytes Barok.exe - 16,953 bytes Server.exe - 45,056 bytes Server.exe - 53,248 bytes WCheckup.exe - 45,065 bytes Setup.exe - 1,056,825 bytes Client.exe - 1,060,921 bytes Client.exe - 59,451 bytes
Created:	Jan 2000
Requires:	N/A
Actions:	Steals passwords
	Win-Bugsfix.exe was the name Onel de Guzman used when we wrote LoveLetter. When the mail had been executed Barock was supposed to be downloaded and run on the vitimīs computer.
Versions:	1.0, 2.0, 2.1,
Registers:	HLM\Software\Microsoft\Windows\CurrentVersion\Run\
Notes:	Works on Windows 95, 98 and ME.
Country:	written in the Philippines
Program:	N/A

Using the Process Monitor from AATools, you will see whether any foreign programs are running on your computer. If you find some unwanted program, you can terminate it by clicking the 'Terminate Process' button on the Toolbar. Using the AATools Network Monitor, you can see what ports are in use on your local PC for connection with remote systems (LAN/Internet). On Windows NT/2000/XP the Network Monitor will display you the services that are active on the ports, and map the ports to their respective applications. If you register port probes directed against ports that are normally not used, it is possible that someone is trying to connect to a Trojan inside your network. Using the Registry Cleaner (Startup section) from AATools, you will see the list of programs that are registered under Run, RunOnce, RunOnceEx and RunService registry keys. So you can find out what programs are started behind your back. You should check these programs to see they are legitimate ones but not Trojans programs.

0-C | D-H | I-N | O-S | T-Z

If you have any questions or information about ports used by Trojans not listed above, please contact us.