Internet Security Systems

Deep Throat

The latest version is 3.0, but it is fairly buggy. By default it uses TCP port 999 for its keylogger, and port 41 for its FTP service.

Features:
Trojan: Hidden within other executables
Install: Registry
Notify: yes
Password: yes
Scan: cached passwords, RAS passwords, other
Other: embedded FTP service

Detection/removal

Deep Throat puts the file C:\Windows\systray.exe on your disk. The idea is to masquerade as the real systray.exe program located in C:\Windows\system. It changes the existing "Run" registry setting for SystemTray to point to the new program. Simply removing the "Run" entries or removing the systray.exe program will remove the Trojan.

Ports

The trojan will listen on: 6670/tcp, 3150/tcp, 2140/tcp, 2140/udp, 3150/udp.

When scanning for servers, the client will use a source port of 60000 and scan for ports like 2140.
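
The indicators from the Detection/removal and Ports sections, turned into a host check. This is an added example, not code from the original page or from ISS; the function names, the `netstat -an` column layout and the sample input are assumptions constructed for illustration.

```python
import ntpath

# Ports named on the page: trojan listeners plus the keylogger (999/tcp)
# and FTP service (41/tcp) defaults.
DEEP_THROAT_PORTS = {
    ("tcp", 6670), ("tcp", 3150), ("tcp", 2140), ("udp", 2140), ("udp", 3150),
    ("tcp", 999), ("tcp", 41),
}
DROPPED_FILE = r"c:\windows\systray.exe"  # masquerade path from the page


def suspicious_listeners(netstat_text):
    """Return sorted (proto, port) listeners in `netstat -an` text that match."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].lower() not in ("tcp", "udp"):
            continue  # header or blank line
        proto = fields[0].lower()
        # TCP rows count only in LISTENING state; UDP rows carry no state.
        if proto == "tcp" and fields[-1].upper() != "LISTENING":
            continue
        port = fields[1].rsplit(":", 1)[-1]
        if port.isdigit() and (proto, int(port)) in DEEP_THROAT_PORTS:
            hits.add((proto, int(port)))
    return sorted(hits)


def run_entry_hijacked(run_values):
    """True if the SystemTray Run value points at the dropped C:\\Windows copy."""
    value = run_values.get("SystemTray", "")
    path = ntpath.normcase(ntpath.normpath(value.strip().strip('"')))
    return path == DROPPED_FILE


# Constructed sample input, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2140           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6670           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1034      192.168.1.20:3150      ESTABLISHED
  UDP    0.0.0.0:3150           *:*
"""
SAMPLE_RUN = {"SystemTray": r"C:\WINDOWS\systray.exe"}

if __name__ == "__main__":
    print(suspicious_listeners(SAMPLE_NETSTAT))
    print(run_entry_hijacked(SAMPLE_RUN))
```

A port match alone is a weak indicator, since other software can bind the same ports; treat it as a prompt to check the Run value and the file on disk.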

Variants
