Plugin ID | 294 |
Plugin name | GirlFriend backdoor 1.0 beta detection |
Plugin filename | GirlFriend backdoor 1.0 beta detection.plugin |
Plugin filesize | 2279 bytes |
Plugin family | Backdoors |
Plugin created name | Marc Ruef |
Plugin created email | marc.ruef at computec.ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2005/01/04 |
Plugin version | 1.1 |
Plugin protocol | tcp |
Plugin port | 21554 |
Plugin procedure detection | open|sleep|send ver\n|sleep|close|pattern_exists GirlFriend |
Plugin detection accuracy | 98 |
Plugin comment | The NASL script is Copyright (C) 1999 Renaud Deraison |
Bug vulnerability class | Configuration |
Bug description | GirlFriend is installed. This backdoor allows anyone to take partial control of the remote system. An attacker may use it to steal your password or prevent you from working properly. |
Bug solution | To remove GirlFriend from your machine, open regedit to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and look for a value named 'Windll.exe' with the data 'c:\windows\windll.exe'. Reboot to DOS and delete the C:\windows\windll.exe file, then boot to Windows and remove the 'Windll.exe' registry value. |
Bug fixing time | Approx. 45 minutes |
Bug exploit availability | Yes |
Bug remote | Yes |
Bug local | Yes |
Bug severity | High |
Bug popularity | 8 |
Bug simplicity | 8 |
Bug impact | 9 |
Bug risk | 8 |
Bug Nessus risk | High |
Bug check tools | Nessus can check this flaw with the plugin 10094 (GirlFriend). |
Source CVE | CAN-1999-0660 |
Source Nessus ID | 10094 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://www.computec.ch |