by ToxicFrog
Written in Visual Basic
Released in April 2005
Made in Iran
Server:
dropped file:
c:\WINDOWS\Help\SVCHOST.EXE
size: 14,007 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E994} "StubPath"
data: C:\WINDOWS\help\SVCHOST.EXE -tx
tested on Windows XP
September 29, 2005
MegaSecurity