Port No | 1099 |
Service Name | B. F. Evolution |
RFC Doc | 0 |
Protocol | TCP |
Description | B.F. Evolution is a Visual Basic trojan. Most of its features control various AOL functions. We are not sure what version of AOL this is. It appears to attempt to auto-start through the registry but does not do so correctly. The server file is .exe (a space before the .). |
Reference Link | B. F. Evolution Trojan |
Attack | It autoloads through the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: WinLibUpdate. It does the following: Capture screen; Draw on screen; Get AOL chat room; Get AOL screen name; Get last IM; Get NetBIOS info; Get network info; Get passwords; Get resolution; Get user info; Hide/show AOL; Hide/show parts of windows; Open/close CD-ROM; Respond to IM; Send an email through server's AOL; Send IM; Send text to AOL chat; Send to AOL chat room; Shut down Windows; Spy on AOL chat room; Stream audio from server microphone; Turn IMs on/off; Various CD-player functions; View active and listening connections on server. Removal: 1. Remove the (Default) key with the value of " " in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, which can be done with regedit or any other registry editing program. 2. Reboot the computer or close .exe. 3. Delete the trojan file .exe in the Windows system directory. |