Kuang2 virus installs remote control functionality on infected systems

backdoor-kuang2v (4074) The risk level is classified as HighHigh Risk

Description:

Kuang2 Virus is a backdoor program designed to run on Windows 95 and 98 systems that infects files much like a virus. Once the virus has been executed on a system, it allows remote control of the system over TCP port 17300 and systematically infects all PE (Portable Executable) .exe files on the system. Remote attackers are able to download and upload files as well as install plugins that expand on the backdoor's basic functions.

Platforms Affected:

  • Microsoft, Windows 95
  • Microsoft, Windows 98

Remedy:

The client program includes an antivirus function to clean an infected computer.

To clean the local system, leave the IP address field in the program blank. The antivirus cleaning process copies the infected version of EXPLORER.EXE to EXPLORER.WK2, and removes the virus. The program places the cleaned version of the file back to EXPLORER.EXE, when you shut down and restart your computer. The antivirus process also scans the hard drive, looking for any other infected files. The readme file included in the distribution of the backdoor recommends running the antivirus scan twice to ensure that the backdoor is removed.

Consequences:

Gain Access

References:

Reported:

Not available

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page