Alvgus Trojan 2000

· Overview ·
· Origins ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview

Vendor Notes:

 from the doc: '=-< ALVGUS'S TROJAN 2000 >=-
-----------------------------------------------------------------------
DISCLAIMER:
ALVGUS'S TROJAN WAS WRITTEN FOR PERSONAL EDUCATIONAL PURPOSES ONLY!
The author accept NO LIABILITY for damages of any kind caused by use of this software.
The author make NO WARRANTY with respect to this software.
This software is provided "AS IS", and you, its user, assume the entire risk as to its quality and accuracy.
-----------------------------------------------------------------------
NOTE: you may need to have msvbvm60.dll in your windows\system directory to run AT2000
-----------------------------------------------------------------------
INSTALLATION:
1) Execute ATServerInstaller+Wck.exe on remote computer (if the computer already has mswinsck.ocx in its windows\system directory you may use ATServerInstaller.exe)
2) When your and remote computer are both in internet use ATServerFinder.exe to find remote computer's IP
3) Use ATClient.exe to control remote computer'

Alias:

 ALVGUS'S TROJAN 2000, Backdoor.Alvgus.b, Backdoor.Alvgus.b [Kaspersky], Backdoor/Alvgus.B.Server [Computer Associates], BackDoor-OS [McAfee], Bck/Alvgus.B [Panda], security risk or a "backdoor" program [F-Prot], Win32/Alvgus.B trojan [Eset]

Category:

RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Similar Pests:

 RAT · Backdoor · Trojan

Origins

Author:

 Alvgus

Programming Language:

 Visual Basic. Requires msvbvm60.dll

Date of Origin:

 October, 2000

Place of Origin:

 Russia

Operation

Default Port:

 27184 TCP 27184 UDP More info about ports.

Storage Required:
  • Alvgus Trojan 2000: at least 161 KB
    		•

    Restart:

    		 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Autostarting Pests

    ScreenShot:


    Alvgus Trojan 2000


    Alvgus 2000

    Risks

    Detection Issues:

    		 Difficult to detect by design. May hide from process list. May install with variable names in variable locations.

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    		 Follow these steps to remove Alvgus Trojan 2000 from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Stop Running Processes:

    Kill these running processes with Task Manager:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 October 29, 2004