|
| Name: | Undetected |
| Aliases: | Backdoor.TDS.Muerte, Backdoor.TDS.4F, 4Fuk, Trojan.Win32.TrojanRunner.Levil, Backdoor.TDS.SE, Un-Detected, U4, |
| Ports: | 777 (port can be changed) |
| Files: | Undetected1.1.zip - 390,607 bytes Undetected2.2.zip - 415,753 bytes Undetected2.3a.zip - 41,243 bytes Undetected2.3SE.zip - 290,125 bytes Undetected3.0b.zip - 228,617 bytes Undetected3.1.zip - Undetected3.2.zip - Undetected3.3.zip - Undetected_xmas.zip - Undetected_botcreator.zip - Udt31p.zip - 288,847 bytes Udt31s.zip - 18,687 bytes Server.exe - 17,920 bytes Editserver.exe - 158,208 bytes Umuerte.exe - 188,416 bytes Udt3b.exe - 192,152 bytes Udt31.exe - 208,896 bytes Udt4fuk.exe - 211,968 bytes Udtse.exe - 237,056 bytes Regcheck.exe - 19,968 bytes Cap.dll - 10,752 bytes Fun.dll - 12,288 bytes Fun.dll - 13,312 bytes Fun.dll - 20,480 bytes General.dll - Irchole.dll - 11,766 bytes Ucompress.dll - 15,360 bytes Ebios.vxd - Winloader.exe - 20,480 bytes Winload32.exe - 21,097 bytes Rnaap.exe - 20,480 bytes Compressor.exe - 14,336 bytes Winrun.exe - Msrexe.exe - Binder.mdl - 12,800 bytes Install.mdl - 12,800 bytes Rar_sfx.mdl - 12,800 bytes Plugex.dpr - 470 bytes Commands.cfg - 302 bytes Commands.cfg - 1,383 bytes Commands.cfg - 1,412 bytes Commands.cfg - 1,492 bytes |
| Created: | June 2000 |
| Requires: | N/A |
| Actions: | Remote Access / Steals passwords / EXE Binder |
| | May alter Win.ini and/or System.ini. Based on SubSeven. Some of the files are packed with the UPX 1.01. It comes with several different skins and supports plug-ins, so features may change. With Undetected, the hacker is able to write and execute different types of scripts, such as .bat and .vbs files, on the infected machine. |
| Versions: | 1.1 muerte, 2.2 4fuk, 2.3a, 2.3SE, 3.0b, 3.1, 3.2, 3.2 Xmas edition, 3.3, |
| Registers: | HLM\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCALE_MACHINES\Software\Classes\exefile\shell\open\command\ |
| Notes: | Works on Windows 95, 98 and ME. |
| Country: | N/A |
| Program: | Written in Delphi. |
 Using the Process Monitor from AATools, you will see whether any foreign
programs are running on your computer. If you find some unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.
Using the AATools Network Monitor, you can see what ports are in use on
your local PC for connection with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor will display you the services that are active on
the ports, and map the ports to their respective applications. If you register
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network. Using the
Registry Cleaner (Startup section) from AATools, you will see
the list of programs that are registered under Run, RunOnce, RunOnceEx and
RunService registry keys. So you can find out what programs are started behind
your back. You should check these programs to see they are legitimate ones but
not Trojans programs.
0-C | D-H | I-N
| O-S | T-Z
If you have any questions or information about ports used by Trojans not
listed above, please contact us. |
