by Ayoob. N
Written in Visual Basic
Released in June 2006
Server:
dropped files:
c:\WINDOWS\sysver.exe Size: 15,815 bytes
c:\WINDOWS\system32\syschost.exe Size: 15,815 bytes
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
data: Explorer.exe syschost.exe s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{631355B4E1-KAC2IL-O4KGD-S16T4-TQEC72D1O702} "StubPath"
data: sysver.exe
tested on Windows XP
July 26, 2006
MegaSecurity