| Name: | The Thing |
| Aliases: | Win32.TheThing.16 Trojan, XZip, Backdoor.TheThing, Backdoor.AB, |
| Ports: | 6000, 6400, 60068 (ports can be changed) |
| Files: | Thing.zip - 194.000 bytes Thing11.zip - 202,116 bytes Thing1.11.zip - 194,345 bytes Thing112.zip - 175,996 bytes Thing12.zip - 175,729 bytes Theth15.zip - 709,962 bytes Thething15.zip - 711,554 bytes Thing16.zip - 910,077 bytes Xzip6.zip - 542,568 bytes Things.zip - 4,731 bytes Client.exe - 309,248 bytes Client.exe - 349,184 bytes Client.exe - 468,480 bytes Client.exe - 479,232 bytes Newclient.exe - 927,232 bytes Thing.exe - 33,498 bytes Thing.exe - 51,612 bytes Editsrv1.exe - 346,112 bytes Editsrv1.exe - 641,536 bytes Hello.exe - 8,192 bytes Explorer.exe - Windll32.exe - 34,838 bytes Wsasrv.exe - Ms097.exe - Netxvld.exe - 40,960 bytes Winspc13.exe - Netlog1.exe - |
| Created: | May 1999 |
| Requires: | |
| Actions: | Remote Access / ICQ trojan |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\version 1.00-1.1: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\Known16DLLs\ |
| Notes: | Works on Windows 95, 98 and NT, together with ICQ. Version 1.6 autoloads through altering System.ini and Win.ini. 1.5 uses Registry and System.ini to autoload. |
| Country: | written in Rumania |
| Program: | Written in C++, but v1.6 is rewritten in Assembler (Win32asm). |