Gip

Name:	Gip
Aliases:	PWSteal.WinUp, Trojan.PSW.Gip, MrNop, ICQPass, PriceDoc.Trojan,
Ports:	25 (port can not be changed)
Files:	Gip1.07.zip - 57,662 bytes Gip1.08.zip - 58,942 bytes Gip109.zip - Gip1.10.zip - 195,010 bytes Gip111.zip - 136,971 bytes Gip112.zip - 140,370 bytes Gip1.12.zip - 140,773 bytes Gip1.12mod.zip - 65,564 bytes Gip113.zip - 75,310 bytes Gip1131.zip - 75,577 bytes Gip1.131.zip - 76,040 bytes Config.exe - 8,704 bytes Config.exe - 43,008 bytes Config.exe - 43,520 bytes Config.exe - 49,152 bytes Gip110doc.exe - 45,568 bytes Gip110exe.exe - 44,544 bytes Gip110jpg.exe - 45,568 bytes Gip110zip.exe - 47,104 bytes Gip111exe.exe - 45,056 bytes Gip111jpg.exe - 45,056 bytes Gip112doc.exe - 45,568 bytes Gip112jpg.exe - 45,056 bytes Gip113doc.exe - 22,016 bytes Gip113jpg.exe - 21,504 bytes Gipsvr107a.exe - 40,960 bytes Gipsvr108.exe - 42,496 bytes Gipsvr111.exe - Gipwizard.exe - 36,864 bytes Gipwizard.exe - 37,376 bytes Gipwizard.exe - 67,072 bytes Msdpl32.exe - 43,777 bytes Winsys.exe - Config.ini - 339 bytes Config.ini - 348 bytes Config.ini - 2,610 bytes Config.ini - 2,777 bytes Config.ini - 2,882 bytes Config.ini - 2,886 bytes
Created:	April 2000
Requires:	-----
Actions:	Remote Access / Steals passwords / ICQ trojan
Registers:	HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Policies\Network\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_CURRENT_USER\Software\Microsoft\Windows\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows \ CurrentVersion\Run\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows \CurrentVersion\RunServices\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\Policies\Network\ HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Network\ HKEY_USERS\.DEFAULT\Software\Microsoft\Windows \CurrentVersion\Run\ HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\
Notes:	Works on Windows 95, 98, NT and 2000, and ICQ 2000.
Country:	written in Russia
Program:

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>