by Danil
Released in December 2003
Made in Ukrainia
Server:
dropped file:
c:\WINDOWS\SYSTEM\nbsystem.exe
size: 12.800 bytes
port: 10001 TCP
files added:
c:\WINDOWS\SYSTEM\dtr.dat
c:\WINDOWS\SYSTEM\DtrVk.dll
c:\WINDOWS\SYSTEM\nbsystem.dll
c:\WINDOWS\SYSTEM\nbsystem.exe
startup:
registry added:
HKEY_CLASSES_ROOT\CLSID\{A2191240-4FFA-11D8-A191-00A02480D0C4}\InProcServer32 "(Default)"
Data: nbsystem.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "NBSYSTEM"
Data: {A2191240-4FFA-11D8-A191-00A02480D0C4}
MegaSecurity