Aliases: Backdoor.Haxdoor, Backdoor.Hackdoor.b, Backdoor.Hackdoor.c, Backdoor.Haxdoor.d, Backdoor.Haxdoor.e, Backdoor.Haxdoor.f, Backdoor.Haxdoor.g, Backdoor.Win32.Haxdoor.g, Backdoor.Haxdoor.o, Backdoor.Haxdoor.q, Backdoor.Haxdoor.s, Backdoor.Win32.Haxdoor.aw
Variants: 0.21.3, 0.98.5, 0.99.8, 1.00 (a), 1.02, 1.03 (e), 1.03 (f), 1.03 (o), 1.20, 1.29, 1.3 (aw)
Port: 16661
Size: 19kb
Author: Corpse
Created: AUG 2003
OS: Windows
Location: HKCU\Identities\{50D6AEE0-8FBC-11D8-B7B6-0003FF7D167E}\Software\Microsoft\Internet Account Manager\Accounts\
HKCU\Identities\{D4086F36-0B1C-4F8B-883F-F6A433830ADF}\Software\Microsoft\Internet Account Manager\
HKCU\Software\Microsoft\Internet Account Manager\
HKLM\Software\Microsoft\Protected Storage System Provider\*Default*\Data 2\Windows\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\draw32\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\status\
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_GATE32\0000\Control\
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMLOW\
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDNT32\
HKLM\SYSTEM\ControlSet001\Services\gate32\Enum\
HKLM\SYSTEM\ControlSet001\Services\gate32\Security\
HKLM\SYSTEM\ControlSet001\Services\memlow\
HKLM\SYSTEM\ControlSet001\Services\vdnt32\
HKLM\System\CurrentControlSet\Control\MPRServices\TestService\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GATE32\0000\Control\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMLOW\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDNT32\
HKLM\SYSTEM\CurrentControlSet\Services\gate32\Enum\
HKLM\SYSTEM\CurrentControlSet\Services\gate32\Security\
HKLM\SYSTEM\CurrentControlSet\Services\memlow\
HKLM\SYSTEM\CurrentControlSet\Services\vdnt32\
Infection: pdx32.sys, pdx.dll, cfgh.ini, gate32.sys, snowx.ini, status.dll, mprexe.exe, tage32.sys, p2.ini, klogini.dll, debugg.dll, c3.dll, incoming.a3d, page2.ini, w32_ss.exe, klog.sys, ps.a3d, cm.dll, draw32.dll, hm.sys, memlow.sys, vdnt32.sys, wd.sys