MS-Connect 1.0.6.1

MS-Connect 1.0.6.1
(Backdoor.Win32.Delf.fb)

by ConnectSwitch

Written in Borland Delphi, compressed with UPX

Made in The Netherlands





dropped file:
c:\WINDOWS\system32\%name%.EXE
size: 86,548 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MS-Connect"
data: C:\WINDOWS\System32\%name%.EXE

HKEY_CLASSES_ROOT\MS-Connect.Scriptfile\shell\open\command "(Default)"
data: "C:\WINDOWS\System32\%name%.EXE" "%1" 

HKEY_CLASSES_ROOT\.cxq
HKEY_CLASSES_ROOT\.mxq
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile\shell
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile\shell\open
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8B22270A-71D9-4AB9-B11A-2EA1E5292F42}
HKEY_LOCAL_MACHINE\SOFTWARE\MS-Connect



tested on Windows XP
February 21, 2005

MegaSecurity