| Name: | BackGate Kit |
| Aliases: | Backdoor.NTHack, NT Hack, Unicode Rootkit, |
| Ports: | 69, 19216, 29292, 45092 |
| Files: | Archive.tar.gz - 1,214,436 bytes Archive.tar - 1,392,640 bytes Dl.exe - 5.120 bytes Dl.1bat - 227 bytes Dir.txt - 64 bytes Install.bat - Firedeamon.exe - 32,256 bytes Ftpcmds.txt - 178 bytes Login.txt - 344 bytes Mmtask.exe - 282,624 bytes Newgina.dll - 28,672 bytes Reggina.exe - 24,576 bytes Regit.exe - 70,211 bytes Restrict.exe - 18,276 bytes Restsec.exe - 28,432 bytes Servustartuplog.txt - 537 bytes Settings.reg - 35,981 bytes Makeini.exe - 12,288 bytes Sud.exe - 355,652 bytes Sud.exe - 427,520 bytes Sud.bak - 8,340 bytes Sud.ini - 6,867 bytes 00.d - 01.d - 64 bytes 02.d - 32.256 bytes 03.d - 344 bytes 04.d - 282,624 bytes 05.d - 28,672 bytes 06.d - 24,576 bytes 07.d - 70,211 bytes 08.d - 18,276 bytes 09.d - 28,432 bytes 10.d - 35,981 bytes 11.d - 355,652 bytes 11.d - 427,520 bytes 12.d - 12,288 bytes 13.d - 6,867 bytes 14.d - 15.d - 543567.1tmp - E.asp - |
| Created: | Feb 2001 |
| Requires: | |
| Actions: | Remote Access / Rootkit / Steals passwords / Downloading trojan / FTP proxy / HTTP proxy / Telnet proxy / SOCKs proxy / Winsock proxy / FTP server |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinlogonHKEY_LOCAL_MACHINE\system\currentcontrolset\services\os2srv\parametersHKEY_LOCAL_MACHINE\system\currentcontrolset\services\index\parameters |
| HKEY_LOCAL_MACHINE\system\currentcontrolset\services\index\ | |
| HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\index | |
| HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\mmtask | |
| HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\os2srv | |
| HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mmtask | |
| HKEY_LOCAL_MACHINE\system\currentcontrolset\services\os2srv | |
| Notes: | Works on Windows NT, together with MS Internet Information Server (IIS). |
| Country: | |
| Program: | Written in Visual Basic. |