by Hardkore Virus Labs
Original Filename: HVLRat 5.02.0009
Written in Visual Basic
Server: dropped files: c:\WINDOWS\MSGSVR16.EXE size: 250.880 bytes c:\WINDOWS\SYSTEM\ .exe size: 250.880 bytes c:\WINDOWS\SYSTEM\MSGSVR16.EXE size: 250.880 bytes added to registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Explorer" data: C:\WINDOWS\MSGSVR16.EXE HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce "Explorer" data: C:\WINDOWS\system\MSGSVR16.EXE HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "Explorer" data: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce "Explorer" data: C:\WINDOWS\MSGSVR16.EXE tested on Windows 98 January 05, 2005MegaSecurity