Sood
(Backdoor.Win32.Sood)

by ?

Written in Delphi


Backdoor.Win32.Sood:
dropped files:
c:\WINDOWS\SYSTEM\loadnbs.exe     size: 411 KB
c:\WINDOWS\REGEDIT.EXE 
c:\WINDOWS\SCANREGW.EXE 
c:\WINDOWS\WELCOME.EXE 
c:\WINDOWS\SYSTEM\INTERNAT.EXE 
c:\WINDOWS\netwatch.exe 
c:\WINDOWS\regedit.ock 
c:\WINDOWS\scanregw.ock 
c:\WINDOWS\welcome.ock 
c:\WINDOWS\SYSTEM\internat.ock 

added to registry:
HKCR\exefile\shell\open\command "(Default)" 

HKEY_CLASSES_ROOT\ockfile\Shellex\{86F19A00-42A0-1069-A2E9-08002B30309D} 
HKEY_CLASSES_ROOT\ockfile\Shellex\{B41DB860-8EE4-11D2-9906-E49FADC173CA} 

MegaSecurity