Win32/Flood [Threat Name] go to Threat
Win32/Flood.C [Threat Variant Name]
| Category | trojan |
| Size | 355840 B |
| Aliases | RemoteAccess:Win32/Devil (Microsoft) |
| TROJ_FLOOD.C (TrendMicro) | |
| Trojan.Flood.C (BitDefender) |
Short description
The trojan serves as a backdoor. It can be controlled remotely.
Installation
The trojan does not create any copies of itself.
Payload information
The trojan serves as a backdoor.
It listens on TCP port 65000 .
It can execute the following operations:
- run executable files
- delete files
- open the CD/DVD drive
- shut down/restart the computer
- show fake alerts
The trojan may delete files stored in the following folders:
- c:\
- c:\windows\
- c:\windows\bureau\
- c:\windows\command\
- c:\windows\config\
- c:\windows\cookies\
- c:\windows\crystal\
- c:\windows\cursors\
- c:\windows\Favoris\
- c:\windows\fonts\
- c:\windows\forms\
- c:\windows\help\
- c:\windows\history\
- c:\windows\inf\
- c:\windows\java\
- c:\windows\main\
- c:\windows\media\
- c:\windows\sysbckup\
- c:\windows\system\
- c:\windows\ws2bakup\
- c:\icq\
Other information
The trojan may create the text file:
- c:\#JACK#.txt