client fileserver and broadcasts itself in the IRC channel irc.dal.net.
It enables a remote user access to an infected user's computer files
via connection to port 46666.
Upon execution, this Trojan creates the following registry entry in the
Windows System directory so that it executes at every system
It drops a copy of itself as TSKMNGR.EXE in the windows system
directory and then exits. Thereafter, every time the computer is
started, TSKMNGR.EXE executes and runs in the background as a
process. It listens to Transmission Control Protocol (TCP) port
46666 and broadcasts itself in the IRC channel irc.dal.net. Once
active, it acts as an IRC client fileserver that any remote user with
the client program can connect to and access.
The Trojan's body contains the following text strings:
%s, %s : USERID : UNIX : %s%c%c
PRIVMSG %s :ctcp <nick> PING 848348, help, getnick
<nick>, getnonick, rnick <nick>!!, sacker time
high_port addy, jacker time ip ip ip etc, stopsack,
stopjack, spawn filename, ftpget EVERYTHING,