-Backdoor Win32.WinRC: P1/P2
-Trojan Spy Win32 vb.qq: P1/P2
"Dialer" detections are false positives:
We build a server that we call Yahoo Messenger, configured to kill the Windows firewall, Kaspersky antivirus (avp.exe), etc.
-Trojan Spy Win32.VB.dd: P1/P2
-Trojan Spy HermanAgent: P1/P2
We build a server that we call Columbo.
-Sniffer Door (currently detected by no AV): P1/P2
The malware package includes both the client and server sides (sniffer door and netcat):
The server side only:
This Chinese backdoor should logically be detected by Rising antivirus, shouldn't it?
We use the option "replace service" instead of "create":
-SBdoor (R): F1/F2
This backdoor has the same feature as Netcat, and is provided by a company specialized in pen-testing.
The file has been renamed, but is not known by antivirus software.
As it is a pure backdoor, Kav detects nothing via the PDM, nor via the file antivirus (it is not listed in its malware database).
-TGA backdoor: P1/P2
This backdoor, detected on Virus Total, is not detected by Kav with an on-demand scan:
We choose the ActiveX installation option:
We choose to name the server process csrss.exe:
-Trojan NuclearPrank.c: P1/P2
-Trojan Spy Delf.fg: P1/P2
-Backdoor Win32.Wollf: P1/P2
As we have allowed the service installation, we need to delete it:
-Backdoor Delf.akl (Niova Backdoor): F1/P2
We build a server that we call zizou:
We have not enabled the startup option for the server: the malware just tries to connect:
-Trojan DownloaderAgent.bkp: P1/P2
-Trojan generated (we use a specific tool which generates customized trojans): P1/P2
-Trojan DOS QuickFlood.a: P1/P2
-OrKutPishing trojan Spy: P1/P2
The on-demand scan of the server file (malware unknown to Kaspersky Lab):
Although unknown to the database, it is caught by the PDM:
-Trojan/backdoor Win32.Delf.axb: P1/P2