Event ID - 23476

Port No23476
Service NameDonald Dick
RFC Doc0
ProtocolUDP
DescriptionWorks on Windows 95, 98 and NT. Runs TCP/IP as well as on IPX/SPX. Extremly well written Read Me-files. Uses MD5 encryption. Default password = dick. ˆ Source code is available.
Reference LinkDonald_Dick
AttackRegisters:
HLM\System\CurrentControlSet\Services\VxD\VMLDIR\
HLM\System\CurrentControlSet\Control\Session Manager

Files:
Dd152.zip - 365,865 bytes Dd152.zip - 408,138 bytes Dd153.zip - 431,704 bytes Dd154.zip - 502,468 bytes Dd155.zip - 186,179 bytes Dds152.zip - 134,543 bytes Dds153.zip - 160,655 bytes Ddcg152.zip - 273,210 bytes Ddcg153.zip - 276,330 bytes Ddcg154.zip - 278,297 bytes Ddc153.zip - 15,470 bytes Ddc152.exe - Ddc153.exe - 12,288 bytes Client.exe - 16,896 bytes Dds152.exe - 243,712 bytes Ddcg152.exe - 655,872 bytes Ddcg153.exe - 662,528 bytes Ddcw.exe - 667,648 bytes Ddsetup.exe - 293,888 bytes Ddsetup.exe - 330,240 bytes Ddsetup.exe - 333,312 bytes Ddsetup.ini - 4,486 bytes Ddsfind.exe - 8,192 bytes Client.exe - 17,920 bytes Ddick.exe - Ddick.exe - Ddick.ini - 54 bytes Ddick.ini - 56 bytes Vmldir.vxd - Intld.vxd - Bootexec.exe - Oleproc.exe - Pnpmgr.pci - Pmss.exe - Jpegcomp.dll - 79,360 bytes

Actions:
Remote Access / Novell NetWare trojan
Donald Dick looks like Donald Duck as a fat and smoking decadent Soviet Spetsnaz soldier.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.