Name:	WebEx
Aliases:	N/A
Ports:	21, 1001
Files:	Webex1.2.zip - 70,387 bytes Webex1.3.zip - 183,648 bytes Webex1.4.zip - 133,060 bytes Task_Bar.zip - 84,508 bytes Task_Bar[1.2].zip - 33,196 bytes Task_Bar[1.3].zip - 59,486 bytes Web Ex[1.2].exe - 96,768 bytes Web Ex[1.3].exe - 113,664 bytes Web Ex 1.4.exe - 59,392 bytes Task_Bar.exe - 100,864 bytes Task_Bar[1.2].exe - 115,200 bytes Task_Bar[1.3].exe - 186,880 bytes Antidote[1.2].exe - 30,720 bytes Antidote[1.3].exe - 30,720 bytes Msvbvm50.dll - Mswinsck.ocx - Msinet.ocx - Ipdaem34.ocx - 89,088 bytes Ipport34.ocx - 84,992 bytes
Created:	Jan 1999
Requires:	Msvbvm50.dll, Mswinsck.ocx and Msinet.ocx - are required to run the trojan.
Actions:	Remote Access / FTP Server
Versions:	1.2, 1.3, 1.4,
Registers:	HLM\Software\Microsoft\Windows\CurrentVersion\Run\
Notes:	Works on Windows. FTP server: ID = user1, Password = Pass1.
Country:	N/A
Program:	N/A

Using the Process Monitor from AATools, you will see whether any foreign programs are running on your computer. If you find some unwanted program, you can terminate it by clicking the 'Terminate Process' button on the Toolbar. Using the AATools Network Monitor, you can see what ports are in use on your local PC for connection with remote systems (LAN/Internet). On Windows NT/2000/XP the Network Monitor will display you the services that are active on the ports, and map the ports to their respective applications. If you register port probes directed against ports that are normally not used, it is possible that someone is trying to connect to a Trojan inside your network. Using the Registry Cleaner (Startup section) from AATools, you will see the list of programs that are registered under Run, RunOnce, RunOnceEx and RunService registry keys. So you can find out what programs are started behind your back. You should check these programs to see they are legitimate ones but not Trojans programs.

0-C | D-H | I-N | O-S | T-Z

If you have any questions or information about ports used by Trojans not listed above, please contact us.