| Name: | Acid Shivers |
| Aliases: | Acid Shiver, BackDoor.AcidShiver.516, Acid Shiver.c, Trojan.PSW.AcidShiver, |
| Ports: | 10520, and at random between 10,000 and 65,000 |
| Files: | Acid.zip - 24,309 bytes Acidshiver.zip - 98,801 bytes Acidshivers.zip - 70,451 bytes Acidshivers.zip - 71,273 bytes Acidshivers01.zip - 157,540 bytes Acid Shiver v1.0.zip - 256,047 bytes As-500os.zip - 23,929 bytes Acid setup.zip - 2,037 bytes Imacid.zip - 72,132 bytes Setup.exe - 14,336 bytes Acid setup.exe - 14,336 bytes Acid setup.vbp - 672 bytes Acid setup.vbw - 52 bytes Acidshiver.exe - 123,097 bytes Acidshivers.exe - 186,368 bytes Infected.exe - 186,379 bytes Msvbvm50.dll - Mswinsck.ocx - Comdlg32.ocx - Msgsvr16.exe - |
| Created: | Aug 1997 |
| Requires: | Msvbvm50.dll, Mswinsck.ocx and Comdlg32.ocx - are required to run the trojan. |
| Actions: | Anti-protection trojan / Remote Access / Steals passwords |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ | |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ | |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ | |
| Notes: | Works on Windows 95, 98 and NT. Also uses Telnet as client. |
| Country: | |
| Program: | Written in Visual Basic 5.0. |