by santasdad
Written in Delphi
Released in February 2006
dropped file:
c:\WINDOWS\system32\server Size: 31,232 bytes
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "RegKey"
data: C:\WINDOWS\System32\server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{58920203-E2D9-16ET-4LL0-ACC355184E4F} "StubPath"
data: C:\WINDOWS\System32\server
tested on Windows XP
May 18, 2006
MegaSecurity