Alvgus 8.0
|
· Overview ·
|
Overview |
|
Vendor Notes: |
ALVGUS'S TROJAN DOCUMENTATION (Version 8.0) Alvgus© 2000 ------------------------------------------------------------------ DISCLAIMER: ALVGUS'S TROJAN WAS WRITTEN FOR ALVGUS'S PERSONAL EDUCATIONAL PURPOSES ONLY ------------------------------------------------------------------ INSTALLATION: 1) Perform on both your and remote computers: Copy file Mswinsck.ocx to ..\WINDOWS\SYSTEM\ directory Install VBRUN60.EXE 2) Then: Run ATServer.exe on remote or your computer Look provider's IP range in Prov_IP.txt Run ATFinder on your computer Use ATFinder to determine remote system's IP Run ATClient.exe on your computer Use ATClient to administrate remote system or use IP: 127.0.0.1 to administrate your computer ------------------------------------------------------------------ CHANGES FROM PREVIOUS VERSIONS: - From version 7.0: - Added functions: - Transfer from - Change directory note: Both server and client became bigger in size because of added functions :( - From version 6.0: - New version of ATFinder included: - It is faster - It needs less system resources to run - It is smaller in size - Error report bug in server was fixed - Another bug in cancel transfer function was fixed - Reply to custom command feature improved - Error report features improved - Both client and server are now faster a bit - Server is now smaller in size note: Transfer from function is not availible yet :( - From version 5.0: - Brand new utility ATPass added - Code of both client and server was a bit optimized - Few bugs in cancel transfer function were fixed note: Transfer from function is not availible yet :( - From version 4.0: - Smaller size of server and client - Added functions: - Transfer to note: Transfer from function is not availible yet :( |
Alias: |
Backdoor.Alvgus.a, Trojan.PSW.TFC |
Category: |
RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment. |
Variants: |
|
Similar Pests: |
RAT |
Origins |
|
Author: |
Alvgus |
Date of Origin: |
Variants from January, 2002 to July, 2004 |
Operation |
|
Default Port: |
27184 TCP 27184 UDP More info about ports. |
Storage Required: |
|
Restart: |
none Autostarting Pests |
ScreenShot: |
|
Alvgus 8.0
Risks |
|
Detection Issues: |
Difficult to detect by design. May hide from process list. May install with variable names in variable locations. |
Detection and Removal |
|
Automatic Removal: |
|
Manual Removal: |
Follow these steps to remove Alvgus from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
| Stop Running Processes: Kill these running processes with Task Manager: | |
| Remove Files: Remove these files (if present) with Windows Explorer: | |
Research |
|
File Analyses: |
|
More Info: |
|
Research By: |
|
Last Revised: |
September 08, 2004 |
PestPatrol detects this.