by ?
Original Filename: sysmonnt.exe
Written in Visual Basic, compressed with UPX
Backdoor.Win32.VB.aat:
size: 33,792 bytes
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Backdoor.Win32.VB.aat"
HKEY_CLASSES_ROOT\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOT\InetCtls.Inet
tested on Windows XP
August 25, 2005
MegaSecurity