by ?
Written in Delphi
Released in February 2006
Made in China
 
Server: dropped files: c:\WINDOWS\system32\tmhk.dll Size: 31,652 bytes c:\WINDOWS\system32\winsook.dll Size: 15,872 bytes c:\WINDOWS\system32\WNILOGON.exe Size: 31,652 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SonudMan" data: C:\WINDOWS\System32\WNILOGON.exe tested on Windows XP February 25, 2006MegaSecurity