Kuang2 virus installs remote control functionality on infected systems

backdoor-kuang2v (4074). The risk level is classified as High Risk.

Description:

Kuang2 Virus is a backdoor program designed to run on Windows 95 and 98 systems that infects files much like a virus. Once the virus has been executed on a system, it allows remote control of the system over TCP port 17300 and systematically infects all PE (Portable Executable) .exe files on the system. Remote attackers are able to download and upload files as well as install plugins that expand on the backdoor's basic functions.


Consequences:

Gain Access

Remedy:

The client program includes an antivirus function to clean an infected computer.

To clean the local system, leave the IP address field in the program blank. The antivirus cleaning process copies the infected version of EXPLORER.EXE to EXPLORER.WK2 and removes the virus. When you shut down and restart your computer, the program places the cleaned version of the file back in EXPLORER.EXE. The antivirus process also scans the hard drive, looking for any other infected files. The readme file included in the distribution of the backdoor recommends running the antivirus scan twice to ensure that the backdoor is removed.
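An added example, not part of the original entry or of the Kuang2 distribution: a triage check that flags TCP sockets bound to local port 17300 in saved `netstat -an` output and looks for the EXPLORER.WK2 copy that the cleaning process leaves behind. The netstat sample and its addresses are constructed, and the function names are hypothetical.

```python
import re
from pathlib import Path

KUANG2_PORT = 17300  # TCP port named in this entry

# One TCP row of Windows `netstat -an` output: proto, local, foreign, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$")

def kuang2_sockets(netstat_text):
    """Return (state, local, remote) for TCP sockets whose LOCAL port is 17300.

    Only the local side is checked: the infected host is the one that owns
    the port, so an outbound connection to a remote 17300 is not flagged here.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) == KUANG2_PORT:
            local = f"{m.group(1)}:{m.group(2)}"
            remote = f"{m.group(3)}:{m.group(4)}"
            hits.append((m.group(5), local, remote))
    return hits

def cleaner_backups(root):
    """Find EXPLORER.WK2 files (any letter case) under root. Per the Remedy
    text, this is the copy of the infected EXPLORER.EXE made during cleaning,
    so its presence marks a host that was infected at some point."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.name.upper() == "EXPLORER.WK2")

# Constructed sample of `netstat -an` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:17300          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:17300       198.51.100.7:1042      ESTABLISHED
  TCP    192.0.2.10:1033        198.51.100.7:17300     ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

if __name__ == "__main__":
    for state, local, remote in kuang2_sockets(SAMPLE_NETSTAT):
        print(f"{state:12} local={local} remote={remote}")
```

A listener on 17300 alone is not proof of infection, since any program can bind that port; treat a hit as a reason to run the file scan described above.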

Platforms Affected:

  • Microsoft Windows 95
  • Microsoft Windows 98

Reported:

Not available

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
