| Name: | Msinit |
| Aliases: | Troj_Msinet.A, MSINIT.A, W32/Msinit, Win32.Trojan.Bymer,W32.HLLW.Bymer, Dnet.Dropper, Trojan.Win32.Bymer, W32/Bymer-A,Worm_Bymer_a, Wininit, Worm.Bymer, Worm.RC5, Worm.RC5.b,Worm/Dnet_Winit, |
| Ports: | 137 (UDP), 139 |
| Files: | Wininit.exe - 22,016 bytes Msinit.exe - 22,016 bytes (compressed) Msinit.exe - 53,248 bytes (uncompressed) Msxxxx.exe - 22,016 bytes Msclient.exe - 4,096 bytes Dnetc.exe - 186,188 bytes Dnetc.ini - Info.dll - Ms216.exe - Msi216.exe - Msi211.exe - - [220 kb] |
| Created: | Sep 2000 |
| Requires: | |
| Actions: | Worm / Destructive trojan / Network trojan |
| Alters Win.ini. It is also found in Windows Startup Directory. Msinit spreads itself through open network shares and disables infected computers from the network. Most of the files are packed using different versions of UPX. Dnetc is a legitimite program that may have been installed previously. In this case itīs used illegally. | |
| Versions: | A, B, |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ |
| Notes: | Works on Windows 95, 98 and ME. |
| Country: | written in the Ukraine |
| Program: |