Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Coldrage-A

Mar 16, 2004 12:41AM PST

Aliases
Backdoor.ServU-based, Backdoor.Iroffer.1219, BAT/ServU.A, ServU-Daemon, NTRootKit-B.bat, IRC/Flood.mirc, Win32/Iroffer.1219, Backdoor.IRC.Aladinz.L, BKDR_IROFFER.A, IRC_COLDRAGE.B, BAT_IRCOBUS.B, IRC_COLDRAGE.A

Type
Trojan

Description
Troj/Coldrage-A is a backdoor Trojan consisting of several components. Many of the files used by the Trojan are legitimate utilities.
The malicious components of the Trojan are installed as files named:
bot.ini
clean.bat
firehell.ini
hasn.ini
mirc.ini
msdos.sys
patch.bat
remote.ini
secure.bat
servers.ini
soundman.exe

The legitimate components are:

TLIST.EXE - a tool to list running processes

cpu.exe - an IRC file transfer application

regit.exe - a copy of the mIRC v6.03 IRC client

scvhost.exe - an FTP server

spoolvs.exe - an IRC proxy server

Troj/Coldrage-A is controlled via IRC and can be used in distributed denial-of-service attacks.

http://www.sophos.com/virusinfo/analyses/trojcoldragea.html

Discussion is locked