| Port No | 669 |
| Service Name | DP Trojan |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | DP Trojan 2.5 is a Visual Basic 6 trojan. The big thing about this trojan is its size. The file to infect is 1.96 Megs. Plus you need the Msvbvm60.dll which is another 1.34 megs. It would appear if this trojan was ment to be installed by physical access due to its size. Also upon infecting it makes the cursor get really big and then really small. So, it is hard to be tricked into installing this. |
| Reference Link | DP Trojan Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: Fexspzrh, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Key: Bjom, HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run Key: Focmcgiv It does the following : Active proccess Chat with server Execute command File transfer Find files Get drives and directories Get info Key logger Send keys Set wallpaper Removal : 1.Remove the Fexspzrh key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, the Bjom key in the registry located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices the Focmcgiv key in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run.Which can be done with regedit or any other registry editing program. 2. Reboot the computer or close DP.exe. 3. Delete the trojan file DP.exe in the windows system directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.