by Stan
Written in Assembly
Server: dropped file: c:\WINDOWS\system32\winlogin.exe size: 16,510 bytes port: 6564 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Plug and Play "StubPath" data: C:\WINDOWS\System32\winlogin.exe ASC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Plug and Play" data: C:\WINDOWS\System32\winlogin.exe tested on Windows XP November 14, 2005MegaSecurity