|
| Name: | Gip |
| Aliases: | PWSteal.WinUp, Trojan.PSW.Gip, MrNop, ICQPass, PriceDoc.Trojan, |
| Ports: | 25 (port can not be changed) |
| Files: | Gip1.07.zip - 57,662 bytes Gip1.08.zip - 58,942 bytes Gip109.zip - Gip1.10.zip - 195,010 bytes Gip111.zip - 136,971 bytes Gip112.zip - 140,370 bytes Gip1.12.zip - 140,773 bytes Gip1.12mod.zip - 65,564 bytes Gip113.zip - 75,310 bytes Gip1131.zip - 75,577 bytes Gip1.131.zip - 76,040 bytes Config.exe - 8,704 bytes Config.exe - 43,008 bytes Config.exe - 43,520 bytes Config.exe - 49,152 bytes Config.ini - 339 bytes Config.ini - 348 bytes Config.ini - 2,610 bytes Config.ini - 2,777 bytes Config.ini - 2,882 bytes Config.ini - 2,886 bytes Winsys.exe - Gip110doc.exe - 45,568 bytes Gip110exe.exe - 44,544 bytes Gip110jpg.exe - 45,568 bytes Gip110zip.exe - 47,104 bytes Gip111exe.exe - 45,056 bytes Gip111jpg.exe - 45,056 bytes Gip112doc.exe - 45,568 bytes Gip112jpg.exe - 45,056 bytes Gip113doc.exe - 22,016 bytes Gip113jpg.exe - 21,504 bytes Gipsvr107a.exe - 40,960 bytes Gipsvr108.exe - 42,496 bytes Gipsvr111.exe - Gipwizard.exe - 36,864 bytes Gipwizard.exe - 37,376 bytes Gipwizard.exe - 67,072 bytes |
| Created: | April 2000 |
| Requires: | N/A |
| Actions: | Remote Access / Steals passwords / ICQ trojan |
| | Alters System.ini. |
| Versions: | 1.07, 1.08, 1.09, 1.10, 1.11, 1.12, 1.12 mofified, 1.13, 1.131 |
| Registers: | HCU\Software\Microsoft\Windows \CurrentVersion\Policies\Network\ HCU\Software\Microsoft\Windows\CurrentVersion\Run\ HCU\Software\Microsoft\Windows\ HLM\Software\Microsoft\Windows \ CurrentVersion\Run\ HLM\Software\Microsoft\Windows \CurrentVersion\RunServices\ HLM\Software\Microsoft\Windows\ CurrentVersion\Policies\Network\ HU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Network\ HU\.DEFAULT\Software\Microsoft\Windows \CurrentVersion\Run\ HU\.DEFAULT\Software\Microsoft\Windows\ |
| Notes: | Works on Windows 95, 98, NT and 2000, and ICQ 2000. |
| Country: | written in Russia |
| Program: | N/A |
 Using the Process Monitor from AATools, you will see whether any foreign
programs are running on your computer. If you find some unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.
Using the AATools Network Monitor, you can see what ports are in use on
your local PC for connection with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor will display you the services that are active on
the ports, and map the ports to their respective applications. If you register
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network. Using the
Registry Cleaner (Startup section) from AATools, you will see
the list of programs that are registered under Run, RunOnce, RunOnceEx and
RunService registry keys. So you can find out what programs are started behind
your back. You should check these programs to see they are legitimate ones but
not Trojans programs.
0-C | D-H | I-N
| O-S | T-Z
If you have any questions or information about ports used by Trojans not
listed above, please contact us. |
