[Dshield] Ports Tcp/Udp

Samantha Fetter sama at enteract.com
Tue Nov 6 16:45:43 GMT 2001


 From a quick search, this is what I found.  For the page itself, see:
http://www.simovits.com/trojans/tr_data/y1455.html

Hope this helps!
Cheers,
Samantha

Name: WinCrash
 
Aliases: BackDoor-M.srv, Backdoor.Wincrash
 
Ports:  21, 2583, 3024, 4092, 5742 
 
Files:
  Wincrash.zip - 467,246 bytes
  WinCrash-E.zip - 466,264 bytes
  Wincrash1.0b.zip - 398,378 bytes
  Wincrash1.03.zip - 718,736 bytes
  Wincrash2.0.zip - 1,580,619 bytes
  WCUpdater.zip - 140,152 bytes
  Server.zip - 249,513 bytes
  Server.exe - 296,448 bytes
  Server.exe - 347,136 bytes
  Wincrash.exe - 309,248 bytes
  Wincrash-e.exe - 308,736 bytes
  Client.exe - 202,240 bytes
  Cfg95.exe - 79,242 bytes
  Win32cfg.exe - 4,128 bytes
  Bad_day.exe - 4,128 bytes
  Icqfuckerextensions.exe - 164,501 bytes
  Regedit.exe -
  Redit.bak - (is the former Regedit.exe file renamed)
  Setup.exe - 44,608 bytes
  Setup.ins - 66,760 bytes
  Wcupdater.exe - 146,432 bytes
  _inst321.exe - 316,789 bytes
  _setup.1 - 989,208 bytes
  _setup.lib - 193,484 bytes

Created: Jan 1999

Requires: 

Actions: Remote Access / Steals passwords
         Alters Win.ini (v 2.0). 

Versions: 1.0, 1.03, 2.0

Registers: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
 
Notes: Works on Windows 95, 98, ME and NT. 
 
Country: written in Brazil

Program:


On Tue, 6 Nov 2001, Matt Weil wrote:

> I recently found port 2583 UDP and TCP open on one of my machines...  These ports were not open a few days
> ago..  Dif Check confirms this as well..  Does anybody know what they are?
> 
> Matt
> 
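
As an added example (not part of the original post or of the trojan database entry it quotes): a Python check that takes `netstat -an` output and flags local listeners on the ports listed in the WinCrash record. The Windows-style sample output is constructed, and the names `find_listeners` and `AMBIGUOUS_PORTS` are assumptions; port 21 is rated low-confidence because it is also the standard FTP control port, and any match is a lead to investigate rather than proof of infection.

```python
import re

# Ports from the WinCrash record quoted in this post.
WINCRASH_PORTS = {21, 2583, 3024, 4092, 5742}
# Port 21 is the standard FTP control port, so a hit there alone is weak evidence.
AMBIGUOUS_PORTS = {21}

# Constructed sample in Windows `netstat -an` layout (not real capture data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2583           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:2583      ESTABLISHED
  UDP    0.0.0.0:2583           *:*
  UDP    0.0.0.0:137            *:*
"""

# proto, local address, local port, foreign address, optional state (TCP only)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def find_listeners(netstat_text, ports=WINCRASH_PORTS):
    """Return (proto, local_port, confidence) for local listeners on watched ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, _addr, port, _foreign, state = m.groups()
        port = int(port)
        # TCP counts only in LISTENING state; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        if port in ports:
            confidence = "low" if port in AMBIGUOUS_PORTS else "review"
            hits.append((proto, port, confidence))
    return hits


if __name__ == "__main__":
    for proto, port, confidence in find_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {port}: {confidence}")
```
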



