by Neil & ZeroCool
Written in Delphi, compressed with ASPack
Released in January 2005
Server:
dropped files:
c:\WINDOWS\regsvr_32.exe Size: 31,641 bytes
c:\WINDOWS\system32\hInstance.dll Size: 11,264 bytes
c:\WINDOWS\system32\telnetsvc32.exe Size: 31,641 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8C15971b-RKTP-4c82-8c07-7e181ea07608} "StubPath"
data: C:\WINDOWS\System32\telnetsvc32.exe /hide
Tested on Windows XP
January 28, 2005
MegaSecurity