
AntiLamer Light

Posted: March 28, 2006

AntiLamer Light is a Remote Administration Tool (RAT) built to let attackers manage and control computers or networks from a remote location. AntiLamer Light may place a server application on your computer that answers the attacker's commands; the attacker can then control and configure that server application remotely. AntiLamer Light may be installed on your computer through a security breach. Once installed, it may download additional malware, putting your security at risk, planting backdoors and other files on your system, and even spreading itself to other computers on your network.

Currently, AntiLamer Light appears as one of the threat results found in fake warning messages. Such fake warning messages are known to be used as a scare tactic to trick users into buying rogue anti-spyware programs like Internet Antivirus.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 6.26.2004.10.53.33....0.reg
    2 6.26.2004.10.53.34....1.dat
    3 6.26.2004.10.53.34....1.reg
    4 _iu14d2n.tmp-065eaffd.pf
    5 aconti.exe-105d3294.pf
    6 alb.exe-01f9e69e.pf
    7 alb.exe-0e801625.pf
    8 alb.exe-0fe358f0.pf
    9 alb.exe-328f3713.pf
    10 antilamer light.txt
    11 backdoor.antilam.13.a.exe-3ab6a254.pf
    12 backdoor.antilam.20.j.exe-25e4239f.pf
    13 collecteddata_127.xml
    14 collecteddata_196.xml
    15 collecteddata_200.xml
    16 collecteddata_202.xml
    17 collecteddata_210.xml
    18 collecteddata_218.xml
    19 config.exe-0b915f83.pf
    20 config.exe-28993197.pf
    21 desktopdir+\5-1-14-24.lnk
    22 drwtsn32.exe-2b4b52ac.pf
    23 edit.dll
    24 editsrv.exe
    25 editsrv.exe-020c4fa9.pf
    26 edtsrv.exe-34c94755.pf
    27 edtsrv.exe-3861317c.pf
    28 edtsrv.exe-39d44f73.pf
    29 edtsrv.exe-3af77064.pf
    30 english.reg
    31 int327777.exe-22f4e5c7.pf
    32 int327777.exe-317926e6.pf
    33 int327777.sdb
    34 joiner.exe-37b4e594.pf
    35 new_alb.exe-080f644e.pf
    36 profilepath+\administrator\start menu\5-1-14-24.lnk
    37 profilepath+\administrator\start menu\programs\5-1-14-24.lnk
    38 programfilesdir+\websx\int327777.exe
    39 programfilesdir+\websx\int339890.exe
    40 programfilesdir+\websx\websx.ini
    41 readme.htm
    42 readme.txt
    43 runw.exe
    44 runw.exe-0acf03f1.pf
    45 server.exe-04168f44.pf
    46 server.exe-19885956.pf
    47 server.exe-1e8ebe0c.pf
    48 server.exe-1ea17666.pf
    49 server.exe-1fb68265.pf
    50 server.exe-1ff20139.pf
    51 smt.exe-245bb5ee.pf
    52 systemroot+\runwin32.exe
    53 systemroot+\system\runwin.exe
    54 systemroot+\system\runwindows32.exe
    55 trojan.exe-0c7fe615.pf
    56 trojan.psw.allight.10.b
    57 trojan1.exe
    58 trojan1.exe-007581cd.pf
    59 trojan1.exe-0d8b60b3.pf
    60 trojan2.exe
    61 trojan2.exe-12ee91de.pf
    62 trojan2.exe-2c402d8d.pf
    63 unins000.exe-1da47506.pf

Registry Modifications

  • The following newly produced Registry Values are:
    {ModuleUsage} (HKEY..\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage):
      c:/windows/downloaded program files/acontix.ocx\.owner
      c:/windows/downloaded program files/acontix.ocx\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}
    {Subkeys}:
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\color1
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\color2
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\color3
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\downloadfolder
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\ip
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\lang
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\loggerport
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\nick
      HKEY_LOCAL_MACHINE\software\antilamer backdoor\port
      HKEY_LOCAL_MACHINE\software\classes\acontixcontrol
      HKEY_LOCAL_MACHINE\software\classes\clsid\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}
      HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}
      HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}\installer
      HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}\systemcomponent
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\af
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\av
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\con
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\con1
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\con2
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\myp
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\number
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\numberon
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\ps
    {RunKeys} (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..):
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\runwin32
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\runwindows
    {Uninstaller} (HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..):
      5-1-14-24\displayicon
      5-1-14-24\displayname
      5-1-14-24\uninstallstring
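To turn the file and registry indicators above into a host check, here is an added PowerShell example (written for this page; it is not the page's own code nor any vendor tool) that looks for the Run-key values, the backdoor's own configuration key (whose ip, port and loggerport values reveal where the server reports to), the CLSID, ActiveX and uninstaller keys, and the files whose base directory the page gives with the systemroot+ and programfilesdir+ placeholders. It only reads the registry and file system and reports what it finds; the function name and the finding layout are this example's own, and it assumes the placeholders expand to $env:SystemRoot and $env:ProgramFiles. Run it in an elevated PowerShell session so HKLM is fully readable.

```powershell
# Added example: read-only check for the AntiLamer Light artifacts listed on this page.
# Registry paths and file names come from the page; the placeholders systemroot+ and
# programfilesdir+ are assumed to map to $env:SystemRoot and $env:ProgramFiles.

$RunKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$RunValues    = @('runwin32', 'runwindows')
$ConfigKey    = 'HKLM:\SOFTWARE\antilamer backdoor'
$ConfigValues = @('ip', 'port', 'loggerport', 'nick', 'downloadfolder', 'lang')
$OtherKeys    = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5-1-14-24',
    'HKLM:\SOFTWARE\Classes\CLSID\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}',
    'HKLM:\SOFTWARE\Classes\acontixcontrol'
)
$FilePaths    = @(
    (Join-Path $env:SystemRoot   'runwin32.exe'),
    (Join-Path $env:SystemRoot   'system\runwin.exe'),
    (Join-Path $env:SystemRoot   'system\runwindows32.exe'),
    (Join-Path $env:ProgramFiles 'websx\websx.ini'),
    (Join-Path $env:ProgramFiles 'websx\int327777.exe'),
    (Join-Path $env:ProgramFiles 'websx\int339890.exe')
)

function Test-AntiLamerArtifacts {
    # Hypothetical helper name; returns one object per finding and changes nothing.
    $hits = @()

    # Persistence: values under the machine Run key named in the {RunKeys} section.
    if (Test-Path $RunKey) {
        $run = Get-ItemProperty -Path $RunKey
        foreach ($name in $RunValues) {
            if ($null -ne $run.$name) {
                $hits += [pscustomobject]@{ Type = 'RunKey'; Item = "$RunKey\$name"; Detail = $run.$name }
            }
        }
    }

    # Configuration: the backdoor's own key; ip/port/loggerport identify the controller.
    if (Test-Path $ConfigKey) {
        $cfg = Get-ItemProperty -Path $ConfigKey
        foreach ($name in $ConfigValues) {
            if ($null -ne $cfg.$name) {
                $hits += [pscustomobject]@{ Type = 'Config'; Item = "$ConfigKey\$name"; Detail = $cfg.$name }
            }
        }
    }

    # Component registration and uninstaller entries: presence alone is the indicator.
    foreach ($key in $OtherKeys) {
        if (Test-Path $key) {
            $hits += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key; Detail = 'present' }
        }
    }

    # Dropped files: record size and last write time to help scope the incident timeline.
    foreach ($path in $FilePaths) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path
            $hits += [pscustomobject]@{
                Type   = 'File'
                Item   = $path
                Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)"
            }
        }
    }

    return $hits
}

$findings = @(Test-AntiLamerArtifacts)
if ($findings.Count -eq 0) {
    Write-Output 'No AntiLamer Light artifacts found.'
} else {
    $findings | Format-Table -AutoSize
}
```

The check deliberately does not delete anything: a positive result on the Run-key values or the configuration key is a reason to isolate the host and capture the listed values (especially ip, port and loggerport) before any cleanup, since they tell you where the server was reporting and which other hosts may have been reached from this one.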