By H.B.U
Written in Visual Basic, compressed with PECompact
Released in August 2002
Made China
Server: dropped files: C:\WINDOWS\SYSTEM\SRVSUPP.EXE C:\WINDOWS\SYSTEM\wupdmgr32.exe size 100.352 bytes port: 8535, 8536 TCP startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Service Support" HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Microsoft Windows Update Service" HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Service Support" added: registry: HKLM\System\ControlSet001\Services\MSUpdate\Enum HKLM\System\CurrentControlSet\Services\MSUpdate\Enum files: c:\WINDOWS\vbevents.log c:\WINDOWS\SYSTEM\autocrat_log.log c:\WINDOWS\SYSTEM\wsock32l.dll c:\WINDOWS\SYSTEM\wsock32p.dll c:\WINDOWS\SYSTEM\wsock32s.dllMegaSecurity