GirlFriend backdoor 1.0 beta detection 1.1
 
Plugin ID: 294
Plugin name: GirlFriend backdoor 1.0 beta detection
Plugin filename: GirlFriend backdoor 1.0 beta detection.plugin
Plugin filesize: 2279 bytes
Plugin family: Backdoors
Plugin created name: Marc Ruef
Plugin created email: marc.ruef at computec.ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2005/01/04
Plugin version: 1.1
Plugin protocol: tcp
Plugin port: 21554
Plugin procedure detection: open|sleep|send ver\n|sleep|close|pattern_exists GirlFriend
Plugin detection accuracy: 98
Plugin comment: The NASL script is Copyright (C) 1999 Renaud Deraison
Bug vulnerability class: Configuration
Bug description: GirlFriend is installed. This backdoor allows anyone to partially take control of the remote system. An attacker may use it to steal your password or prevent you from working properly.
Bug solution: To remove GirlFriend from your machine, open regedit to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and look for a value named 'Windll.exe' with the data 'c:\windows\windll.exe'. Reboot to DOS and delete the C:\windows\windll.exe file, then boot to Windows and remove the 'Windll.exe' registry value.
Bug fixing time: Approx. 45 minutes
Bug exploit availability: Yes
Bug remote: Yes
Bug local: Yes
Bug severity: High
Bug popularity: 8
Bug simplicity: 8
Bug impact: 9
Bug risk: 8
Bug Nessus risk: High
Bug check tools: Nessus can check this flaw with the plugin 10094 (GirlFriend).
Source CVE: CAN-1999-0660
Source Nessus ID: 10094
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.