by Corpse
Written in MASM
Released in August 2003
Made in Russia
Server: dropped files: c:\WINNT\system32\gate32.sys size: 12.704 bytes c:\WINNT\system32\mprexe.exe size: 23.664 bytes c:\WINNT\system32\snowx.ini size: 320 bytes c:\WINNT\system32\status.dll size: 19.968 bytes c:\WINNT\system32\config\SSL size: 24.576 bytes added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\status HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GATE32\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gate32\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gate32\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GATE32\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gate32\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gate32\Security port: 16661 TCP teted on Win2000MegaSecurity