by Slim
Written in Delphi
dropped file: c:\WINDOWS\cfgsys32.exe
size: 7.170 bytes
port: 20249 TCP

startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "cfgsys32"
data: C:\WINDOWS\cfgsys32.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: C:\WINDOWS\cfgsys32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cfgsys32"
data: C:\WINDOWS\cfgsys32.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
data: C:\WINDOWS\cfgsys32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: explorer.exe cfgsys32.exe

tested on Windows XP
December 18, 2004
MegaSecurity