|
| Name: | Naebi |
| Aliases: | Haebu Coceda, Orifice, DUNpws.p, Red Power, Trojan.PSW.Spion.a, PWSteal.Coced.Trojan, |
| Ports: | 25 |
| Files: | Naebi.exe - 9,728 bytes Naebi212.exe - 9,728 bytes Naebi214.exe - 10,240 bytes Naebi215.exe - 10,240 bytes Naebi216.exe - 10,240 bytes Naebi217.exe - 10,240 bytes Naebi218.exe - 10,752 bytes Naebi219.exe - 11,264 bytes Naebi220.exe - 12,288 bytes Ns220.exe - Ns221pro.exe - 11,776 bytes Ns226a.exe - 12,288 bytes Ns227.exe - Ns231.exe - Ns234.exe - Ns237dir.exe - Ns237icq.exe - Ns237set.exe - Ns237zip.exe - Ns237wrd.exe - Ns238g.exe - Ns238h.exe - Ns238o.exe - Ns240.rar - 12,423 bytes Ns241.exe - 13,824 bytes Conf.exe - 6,656 bytes Confgui.exe - 18,432 bytes Confgui.exe - 24,064 bytes Config.exe - 11,776 bytes Config.exe - 12,800 bytes Config.exe - 13,824 bytes Config22.exe - 16,896 bytes Con216.exe - 13,824 bytes Con219.exe - 15,360 bytes Conf226.exe - 17,920 bytes Conf221p.exe - 15,360 bytes Config.ini - 4,730 bytes Pic1.jpg.exe - Msdll32.exe - Msramgr.exe - Msrnareg.exe Winrun.exe - Winrun32.exe - |
| Created: | Feb 1997 |
| Requires: | N/A |
| Actions: | Steals passwords / ICQ trojan |
| | It also alters Win.ini from v2.34. It also alters System.ini. Naebi sends all found passwords to a configurable mail address. |
| Versions: | 2.12, 2.14, 2.15, 2.15b, 2.16, 2.16-cracked, 2.17, 2.19, 2.20, 2.21, 2.26, 2.27, 2.29, 2.30, 2.31, 2.32, 2.33, 2.34, 2.34.2, 2.35, 2.35.3., 2.35.4., 2.35.5., 2.36, 2.37, 2.38, 2.39, 2.40, 2.41, |
| Registers: | HCU\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQ HCU\SOF TWARE\Mirabilis\ICQ\Agent\Apps\Run HU\.Default\SOFTWARE\Mirabilis\ICQ\Ag ent\Apps\Run\ HU\.Default\SOFTWARE\Mirabilis\ICQ\Agent\ HKEY_LOCAL_MACHI NE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HU\.Default\SOFTWARE\M icrosoft\Windows\CurrentVersion\RunServices\ |
| Notes: | Works on Windows 3.1, 95, 98, ME,NT and 2000, together with ICQ. ˆ Source code is available. |
| Country: | written in Russia |
| Program: | N/A |
 Using the Process Monitor from AATools, you will see whether any foreign
programs are running on your computer. If you find some unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.
Using the AATools Network Monitor, you can see what ports are in use on
your local PC for connection with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor will display you the services that are active on
the ports, and map the ports to their respective applications. If you register
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network. Using the
Registry Cleaner (Startup section) from AATools, you will see
the list of programs that are registered under Run, RunOnce, RunOnceEx and
RunService registry keys. So you can find out what programs are started behind
your back. You should check these programs to see they are legitimate ones but
not Trojans programs.
0-C | D-H | I-N
| O-S | T-Z
If you have any questions or information about ports used by Trojans not
listed above, please contact us. |
