| Name: | BioNet |
| Aliases: | GCI BioNet, BN, Backdoor.Bionet |
| Ports: | 12348, 12349 (port can be changed) |
| Files: | Bionet.exe - 409,088 bytes; Bionet.exe - 488,960 bytes; Bionet.exe - 525,; Bionet.exe - 530,432 bytes; Bionet.exe - 604,160 bytes; Bionet.exe - 609,792 bytes; Bionet.exe - 626,688 bytes; Bionet.exe - 638,976 bytes; Bionet.exe - 648,192 bytes; Bionet.exe - 665,600 bytes; Bionet.exe - 667,136 bytes; Bionet.exe - 669,904 bytes; Bionet.exe - 2,008,576 bytes; Builder.exe - 563,200 bytes; Builder.exe - 563,712 bytes; Builder.exe - 579,072 bytes; Builder.exe - 593,920 bytes; Builder.exe - 633,856 bytes; Builder.exe - 651,776 bytes; Builder.exe - 654,336 bytes; Builder.exe - 710,656 bytes; Builder.exe - 872,960 bytes; Builder.exe - 879,616 bytes; Builder.exe - 885,760 bytes; Server.exe - 225,480 bytes; Server.exe - 269,490 bytes; Server.exe - 271,026 bytes; Server.exe - 271,388 bytes; Server.exe - 273,588 bytes; Server.exe - 274,662 bytes; Server.exe - 316,590 bytes; Server.exe - 404,480 bytes; Server.exe - 415,744 bytes; Server.exe - 425,472 bytes; Server.exe - 727,040 bytes; Servernt.exe - 415,232 bytes; Server37.exe - 265,904 bytes; Debug.exe - 404,480 bytes; Debug.exe - 415,744 bytes; Debug.exe - 425,472 bytes; Debugnt.exe - 415,744 bytes; Gcinet.exe - 702,464 bytes; Gcinet.exe - 703,488 bytes; Gcinetnt.exe - 702,464 bytes; Libupdate.exe -; Bnscript.ini -; Bnhook.dll -; Bnplug.dll - 335,360 bytes; Winsock.dll -; Explorer.e -; Cdeztks.exe -; Editor.exe - 318,976 bytes; Editor.exe - 319,488 bytes; Editor.exe - 610,816 bytes |
| Created: | Nov 1999 |
| Requires: | Winsock.dll is required to run the trojan. |
| Actions: | Remote Access / Keylogger / Steals passwords / ICQ trojan / AOL trojan / IRC trojan / DoS tool / Eavesdropper |
| It alters Wininit.ini and replaces explorer.exe with explorer.e. It may also infect Awadrp32.exe, Mkcompat.exe and Rnaap.exe. You usually notice that you are infected because you can no longer reboot or shut down the computer, as the trojan will not shut down. BioNet also makes it impossible to reboot into DOS mode to delete the trojan. It evades 15 different antivirus and firewall programs. Every server sent out can be unique, with combinations of more than 50 different features available through the server builder. Using CGI scripts, the trojan can do almost anything. Because of this, manual removal instructions may not be totally reliable. The server is distributed in an uncompressed version, to allow anyone to use a compressor of his choice. Using a scheduler, the hacker can activate the server to make contact on a specific day, and it may also use ports randomly. Using an IRC server, the trojan is also able to update itself. BioNet is able to attack other servers with a large number of IGMP packets, using all available bandwidth. BioNet can also function as an IRC bot. It can also be used as a port redirector for TCP traffic. From v3.09 it supports plug-ins from other coders. BioNet can also decrypt several kinds of passwords. | |
| Versions: | 0.6b, 0.7, 0.84, 0.87, 0.871, 0.92, 0.92 NT, 2.21, 2.61a, 2.8.1a, 2.9.1b, 2.10.1b, 3.02, 3.04, 3.05, 3.06, 3.07, 3.08, 3.09, 3.10, 3.11, 3.12, 3.13, 3.14, 3.14b, 3.15, 3.18 |
| Registers: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\; HKEY_LOCAL_MACHINE\Software\GCI\ |
| Notes: | Works on Windows 95, 98, ME, NT and 2000, together with ICQ and IRC software. Only versions 0.9x and later work on NT. BioNet versions 3.x are not compatible with versions 2.x. |
| Country: | Written in Great Britain |
| Program: | Written in Delphi. |