|
| Name: | Cafeini |
| Aliases: | N/A |
| Ports: | 80, 51966 (port can be changed) |
| Files: | Cafeini_polish.zip - 121,628 bytes Cafeini0.8.zip - 250,361 bytes Cafeini0.9.zip - 281,752 bytes Cafein10.zip - 377,898 bytes Cafeini1.1.zip - 395,170 bytes Cafeini.exe - 122,880 bytes Cafeini.exe - 142,848 bytes Cafeclnt.exe - 132,608 bytes Cafeclnt.exe - 143,872 bytes Cafeiniclient.exe - 158,720 bytes Cafeiniclient.exe - 163,840 bytes Cafeiniconfig.exe - 72,192 bytes Cafeiniserver.exe - 153,600 bytes Cafeiniserver.exe - 165,888 bytes Cafe08pl.exe - 123,904 bytes Rundll32.exe - Bygotit.exe - Hemany.exe - Mutihaka.exe - Pazymi.exe - Wilokyl.exe - |
| Created: | Mar 2000 |
| Requires: | N/A |
| Actions: | Remote Access |
| | It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programīs place in the Registry. The server will automatically be updated using HTTP. |
| Versions: | 0.8, 0.9, 1.0, 1.1, |
| Registers: | HLM\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_ MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOne\ HLM\Sof tware\Microsoft\Windows\CurrentVersion\RunServices\ HLM\Software\ Microsoft\Windows\CurrentVersion\RunServicesOnce\ HCU\Software\Mic rosoft\Windows\CurrentVersion\Run\ HCU\Software\Microsoft\Windows\ CurrentVersion\RunOnce\ HCU\Software\Microsoft\Windows\CurrentVers ion\RunServices\ HCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce\ |
| Notes: | Works on Windows 95, 98, NT and 2000. Telnet can also be used as client. |
| Country: | written in Poland |
| Program: | Written in Visual C++. |
 Using the Process Monitor from AATools, you will see whether any foreign
programs are running on your computer. If you find some unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.
Using the AATools Network Monitor, you can see what ports are in use on
your local PC for connection with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor will display you the services that are active on
the ports, and map the ports to their respective applications. If you register
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network. Using the
Registry Cleaner (Startup section) from AATools, you will see
the list of programs that are registered under Run, RunOnce, RunOnceEx and
RunService registry keys. So you can find out what programs are started behind
your back. You should check these programs to see they are legitimate ones but
not Trojans programs.
0-C | D-H | I-N
| O-S | T-Z
If you have any questions or information about ports used by Trojans not
listed above, please contact us. |
