|
| Name: | Email Password Sender - EPS, EPS II |
| Aliases: | N/A |
| Ports: | 25 (port can not be changed) |
| Files: | Eps.zip - 89,595 bytes Eps1.09.zip - 115,627 bytes Eps1.51.zip - 267,277 by tes Eps151.zip - 268,508 bytes Eps161.zip - 82,317 bytes Eps1.61.zip - 89,689 bytes Eps166.zip - 65,001 bytes Config.exe - 9,216 bytes Config.exe - 12,288 bytes Config.exe - 23,985 bytes Config.exe - 26,112 bytes Config.exe - 40,448 bytes Config.exe - 47,66 bytes Eps.exe - 31,774 bytes Eps.exe - 32,256 bytes Eps.exe - 47,140 bytes Eps.exe - 49,408 bytes Eps.exe - 49,664 bytes Eps.exe - 52,492 bytes Eps.exe - 72,964 bytes Eps16.exe - [15,7 kb] Eps161.exe - 16,084 bytes Filed.exe - 26,624 bytes Filed.exe - 57,344 bytes Winstat.exe - Priocol.exe.exe - Priocol.dll - Pricoll.dll - 77,652 bytes Pricol.exe - Bintouue.exe - 41,472 bytes Cryptuue.exe - 41,984 bytes Decryptuue.exe - 43,008 bytes Uuetobin.exe - 42,496 bytes - 13,528bytes |
| Created: | 1999 |
| Requires: | N/A |
| Actions: | Steals passwords / ICQ trojan |
| | Displays a Firework and simultanlously starts in the backround. Sends the passwords encrypted via e-mail. |
| Versions: | 1.03, 1.04, 1.06, 1.07, 1.09, 1.10, 1.20, 1.30, 1.35, 1.40, 1.41, 1.50, 1.51, 1.60, 1.61, 1.62, 1.63, 1.64, 1.65, 1.66, |
| Registers: | HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HCU\Software\Mirabilis\ICQ\Agent\Apps\Run\\ HCU\Software\Mirabilis\ICQ\Owners\ |
| Notes: | Works on Windows 95, 98 and NT. NT compability added in v 1.63. From v 1.62 the trojan i called EPS II. |
| Country: | written in Russia |
| Program: | Written in Visual C++ 5.0. |
 Using the Process Monitor from AATools, you will see whether any foreign
programs are running on your computer. If you find some unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.
Using the AATools Network Monitor, you can see what ports are in use on
your local PC for connection with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor will display you the services that are active on
the ports, and map the ports to their respective applications. If you register
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network. Using the
Registry Cleaner (Startup section) from AATools, you will see
the list of programs that are registered under Run, RunOnce, RunOnceEx and
RunService registry keys. So you can find out what programs are started behind
your back. You should check these programs to see they are legitimate ones but
not Trojans programs.
0-C | D-H | I-N
| O-S | T-Z
If you have any questions or information about ports used by Trojans not
listed above, please contact us. |
