Fighting Spyware, Malware and Adware one File at a Time.
DaCryptic

Overview

Vendor Description

 from the doc: '- The client program:
DaCryptic.exe
- The backdoor:
simple_verc.exe
- Source code of the simple backdoor:
simple_ver.dpr
- Source code of the worm version:
worm_ver.dpr
This backdoor/worm has been coded in the period of the PrettyPark worm so it's an old project forgotten in a drawer. This worm has never been spread because there are many little bugs and it's really dirty coded.
- The keylogger function doesn't work under NT, an external dll must be built.
- The trick with the exefile\command\open in the registry seems to not run all programs.
Little description:
The worm function scans Outlook and Eudora address book files and after sends email. I don't know if that works with the last versions.
There is a thread which connects to an irc to see who is online.
The port 1174 is open only when the victim is online and the Wsock32 api calls are encrypted and the protocol of the backdoor too.
The keylogger was designed mainly to detect if a 13,16 digit code is typed on the keyboard and after put a flag in the registry (it's surely the big need of money who push me to put this function inside :-).
The other functions are: registry access, file upload/download, windows process, etc.
Cryptic_'

Alias

 Backdoor.DaCryptic, Backdoor.DaCryptic [Kaspersky], Backdoor/Dacrypt!Server [Computer Associates], Backdoor/DaCryptic [Computer Associates], BackDoor-OB [McAfee], Bck/DaCryptic [Panda], security risk or a "backdoor" program [F-Prot], Win32/DaCryptic trojan [Eset]

Category

 RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Backdoor:  A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Key Logger:  (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).

Trojan:  Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Worm:  A program that propagates itself by attacking other machines and copying itself to them. Both worms and viruses are self-replicating code that travels from machine to machine by various means. Both worms and viruses have, as their first objective, merely propagation. Both can be destructive, depending on what payload, if any, they have been given. But there are some differences: worms may replace files, but do not insert themselves into files. In contrast, viruses insert themselves in files, but do not replace them.

 

Origins

 

Author

 Cryptic

Others By This Author

  Remote Keylogger · Remote Keylogger (a) · Remote Keylogger (b)

Date of Origin

 March, 2001
 

Detection and Removal

Manual Removal

 Follow these steps to remove DaCryptic from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

 Stop Running Processes:

Kill these running processes with Task Manager:



Remove Files:

Remove these files (if present) with Windows Explorer:



2006 © Copyright DatabaseofSpyware.com. All rights reserved.