Fighting Spyware, Malware and Adware one File at a Time.
Acid Kor

Overview

Vendor Description

From the doc: 'Well, here it is at last, Acid koR
Why his name is Acid koR?
Well, because i learned a lot from the Acid Shivers Source code and with it, i wrote my own, better (you can say it so: several new functions added, like transfer files, msgboxes, replayable msgboxes etc.) than Acid Shivers.
And it won't be caught nor from any AV, nor from any Anti-Trojan (like The Cleaner).

Sorry guys, i didn't make it, to let it run on a negative port. The port is 20002.
To be used with TelNet.
When you want transfer files, you'll need the File GUI included in the package!
I'm too lazy to write help here, so open AcidkoR, connect with loopback to it, and write "HELP" if you want to know anything and you have a victim.
Use AsPack to compress the AcidkoR server. It isn't good code :(
Well, i'm modifying it, and i work hardly on a ICQ Notification (don't included in the AcidkoR).
Bye, koR

4.4.2k

Since i did not resolve the problems with how to rename the files, i decided that when you send a file to the victim, it will be saved in \windows\file64.exe
I decided .exe, because normally you don't send other files (think so)
The server size is now ~75 kb. I used the new AsPack to reduce it.
Added a new function, to copy:
msvbvm60.dll
mswinsck.ocx
comctl32.ocx
comdlg32.ocx
automatically in the win\system dir. (the runtimes the prog needs)
Ideal for a .zip file
The program is still a little buggy, send any info to: koR@gmx.at
Commands:

DIR - List Contents of Current Directory
LS - List Contents of Current Directory
CD - Change To Specified Directory/Drive
CLS - Clear Screen
KILL - Kill Process by PID (Shown in PS)
PS - Shows Running Processes
DEL - Deletes Specified Files
PORT <#> - Change Port Acid koR Listens on (Until Next Reboot)
DESK - Change to default Windows Desktop folder
RECENT - Change to Windows Recent folder
WSFTP - Change to default WS_FTP folder
VERSION - Show Version Number of Acid koR
DRIVES - Show physical, RAM, CD-ROM, and Network drives
BOUNCE - Relay connection to host on port,Control + C to abort.
S - Sendkeys to active window
MACADDR - Show ethernet stats and physical address
NAME - Rename the users computer
ENV - Shows DOS Environment variables
BEEP <#> - Beeps the specified number of times
CDROM - Type 'CDROM' for more information
DIE - Terminate Acid koR
LABEL - Rename a specified disk drive
SHUTDOWN - Type 'Shutdown' for more information
DRIVE - Retrives information on specified drive
KS - Disconnect a session by socket index show in 'STATUS'
TIME - Shows users current system time
DATE - Shows users current system date
INFO - Shows some general system information about host and user
STATUS - Show the state of all sockets used since last reboot
CAT - Retrieve specified file
GET - Retrieve specified file
BCAT - Retrieve specified file in hex form
BGET - Retrieve specified file in hex form
CMD - Run the specified shell command
SH - Run the specified command and display results (may lock up).
MKDIR - Make a new directory
RMDIR - Remove a directory and all files and subdirectories inside.
CP - copy file1 to file2
COPY - copy file1 to file2
HIDE - Hide a task from control + alt + delete.
SHOW - Show a task from control + alt + delete.
RMSG - inputbox (you will receive the reply)
MSG - Message Box
Send a file through the File GUI - SEND c:\path\of\file.exe
Listens for the File GUI - LISTEN
RECV - You cannot receive through telnet. go into the file GUI

Alias

 Backdoor.AcidShiver.kor

Category

 RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

 

Origins

 

Author

 KoR

Others By This Author

  MSN Cookie · MSN Cookie 1.0 · MSN Cookie 2.5

Programming Language

 Visual Basic

Date of Origin

 October, 2000
 

Detection and Removal

Manual Removal

 Follow these steps to remove Acid Kor from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

 Stop Running Processes:

Kill these running processes with Task Manager:



Remove Files:

Remove these files (if present) with Windows Explorer:



2006 © Copyright DatabaseofSpyware.com. All rights reserved.