by H4CK1TD0WN
Written in Visual Basic
Released in September 2006
Made in Germany
Server:
dropped files:
c:\WINDOWS\inf.exe Size: 51,200 bytes
c:\WINDOWS\pw4.txt
c:\WINDOWS\Steam.dll Size: 3,686,400 bytes
added to registry:
HKEY_CURRENT_USER\Software\NirSoft
HKEY_CLASSES_ROOT\.doc\ShellEx
HKEY_CLASSES_ROOT\.ppt\ShellEx
HKEY_CLASSES_ROOT\.xls\ShellEx
HKEY_CLASSES_ROOT\.xlt\ShellEx
HKEY_CLASSES_ROOT\CLSID\{83799FE0-1F5A-11d1-95C7-00609797EA4F}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InProcServer32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMIAPSRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMIAPSRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv\Enum
tested on Windows XP
April 05, 2007
MegaSecurity