| Name: | Hooker |
| Aliases: | Win32.PSW.Hooker.24, Trojan.PSW.Hooker, PWS.Hooker |
| Ports: | 80 |
| Files: | Hooker24sour.zip - 94,272 bytes; Hooker2.4.zip - 93,785 bytes; Hooker2.5.zip - 133,209 bytes; Hooker2.52.zip - 28,799 bytes; Hooker.exe - 15,982 bytes; Hooker.exe - 21,504 bytes; Hooker.exe - 38,912 bytes; Hooker.dat - 21,504 bytes; Hconf.exe - 8,192 bytes; Hoconf.exe - 59,392 bytes; Hooconf.exe - 90,107 bytes; Hconf.ini - 3,072 bytes; Hconf.ini - 3,161 bytes; Hconf.ini - 3,477 bytes; Hcheck.exe; Hkconf.exe - 8,192 bytes; Hkconf.exe - 13,312 bytes; Hkconf.exe - 38,912 bytes; Infected.exe; Dropper.dat - 8,704 bytes; Config.bat - 28 bytes; Kernel32.exe |
| Created: | July 1999 |
| Requires: | N/A |
| Actions: | Keylogger / Downloading trojan / Steals passwords |
| | Can download and execute programs using port 80. The keylogging DLL is packed with LZW. It can send the captured information by e-mail on a regular schedule. Hooker can delete itself on a preconfigured date. |
| Versions: | 1.0, 2.0, 2.2, 2.3, 2.4, 2.5, 2.52 |
| Registers: | HKLM\Software\Microsoft\Windows\CurrentVersion\Run\; HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\; HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\; HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\; HKCU\Software\Microsoft\Windows\CurrentVersion\Run\; HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\; HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices\; HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ |
| Notes: | Works on Windows 95, 98, ME, NT and 2000. Source code is available. Works together with ICQ 99a. |
| Country: | Written in Russia |
| Program: | Written in C++ 5. |
Using the Process Monitor from AATools, you can see whether any foreign
programs are running on your computer. If you find an unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.

Using the AATools Network Monitor, you can see which ports are in use on
your local PC for connections with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor shows the services that are active on
the ports and maps the ports to their respective applications. If you see
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network.

Using the Registry Cleaner (Startup section) from AATools, you can see
the list of programs that are registered under the Run, RunOnce, RunOnceEx and
RunServices registry keys, so you can find out which programs are started behind
your back. Check these programs to confirm that they are legitimate and
not Trojans.
If you have any questions or information about ports used by Trojans not
listed above, please contact us.