Donald Dick


Name: Donald Dick
Aliases: DonaldD, Backdoor.DonaldDick, Backdoor AQ, Smorph,
Ports: 23476, 23476 (UDP), 23477 (ports can be changed) (examples: 666, 22222, 32001, 34444 in FAQ)
Files: Dd152.zip - 365,865 bytes Dd152.zip - 408,138 bytes Dd153.zip - 431,704 bytes Dd154.zip - 502,468 bytes Dd155.zip - 186,179 bytes Dds152.zip - 134,543 bytes Dds153.zip - 160,655 bytes Ddcg152.zip - 273,210 bytes Ddcg153.zip - 276,330 bytes Ddcg154.zip - 278,297 bytes Ddc153.zip - 15,470 bytes Ddc152.exe - Ddc153.exe - 12,288 bytes Client.exe - 16,896 bytes Dds152.exe - 243,712 bytes Ddcg152.exe - 655,872 bytes Ddcg153.exe - 662,528 bytes Ddcw.exe - 667,648 bytes Ddsetup.exe - 293,888 bytes Ddsetup.exe - 330,240 bytes Ddsetup.exe - 333,312 bytes Ddsetup.ini - 4,486 bytes Ddsfind.exe - 8,192 bytes Client.exe - 17,920 bytes Ddick.exe - Ddick.exe - Ddick.ini - 54 bytes Ddick.ini - 56 bytes Vmldir.vxd - Intld.vxd - Bootexec.exe - Oleproc.exe - Pnpmgr.pci - Pmss.exe - Jpegcomp.dll - 79,360 bytes
Created: Mar 1999
Requires:
Actions: Remote Access / Novell NetWare trojan
Registers: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VMLDIR
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\
Notes: Works on Windows 95, 98 and NT. Runs TCP/IP as well as on IPX/SPX. Extremely well written Read Me-files. Uses MD5 encryption. Password =
Country: written in Russia
Program: Written in Visual C++.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>