NetDefend IPS
IPS Advisories
NetDefend
Anti-Virus
Anti-Virus Advisories
NetDefend Web Content Filtering
NetDefend IP Reputation
NetDefend Update Center
IPS History
Nov 29, 2019
Sep 24, 2019
Sep 18, 2019
Mar 31, 2019
Mar 22, 2019
Anti-Virus History
Dec 01, 2019
Nov 23, 2019
Nov 09, 2019
Oct 22, 2019
Oct 19, 2019







Home > NetDefend Live > NetDefend IPS Service
NetDefend IPS Service
Print
Advisory ID
2006
Name
CrazzyNet
IPS Signature
Maintenance IPS Signature
IPS Group
FROM / INT / ATTACK / RESPONSES
Issued
Jul 08, 2000
Description
The backdoor places a server on TCP ports 17499 and 17500, which allows a remote client to connect and perform dozens of functions:retrieve cached password, manipulate the current Windows session, modify and retrieve system settings, log all keystrokes, upload, download and execute arbitrary files
Affected Application
Microsoft Corporation: Windows 95, 98, 98 Second Edition
Solution
- Delete the server file Registry32.exe and or server.exe, to do this you will need a program capable of killing running processes or reboot into dos mode and delete in dos.
- Open up regedit (go to start, run, type regedit and hit ok) and follow this path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Now look for the following value "Reg32" right click and choose delete.
- Also follow this path HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
And delete the same value if found.
- Now open up system.ini (click on run and type system.ini) and look for the following line: shell=Explorer.exe Registry32.exe
- Change this entry to read shell=Explorer.exe
- Close and save changes
- Now open up win.ini the same way and look for the following line: run=Registry32.exe
- Change that line to read run=
- Close win.ini and save changes
- Now delete the following files:
c:\winstart.bat Size: 27 bytes
c:\WINDOWS\Registry32.exe Size: 333,368 bytes
c:\WINDOWS\COMMAND\pkzip.exe Size: 42,552 bytes
c:\WINDOWS\TEMP\~DF127D.TMP Size: 1,536 bytes
Refferences
http://www.justkiwi.com/tairua/antitrojan/trojans/Crazzynet%203.7.1.htm
http://www.glocksoft.com/trojan_list/CrazzyNet.htm
http://www.glocksoft.com/trojan_port.htm
http://xforce.iss.net/xforce/xfdb/5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660
cve
CVE-1999-0660
Enter your details in the box below to receive an email each time we post a new issue of our newsletter.







Dec 07, 2019