By H.B.U
Written in Visual Basic
Released in October 2002
Made in China
Backdoor.Autocrat.a:

port: 8535 TCP

dropped files:
c:\WINDOWS\SYSTEM\Cp_1253.nxs size: 134 bytes
c:\WINDOWS\SYSTEM\rundl132.exe size: 10.240 bytes
c:\WINDOWS\SYSTEM\wupdmgr32.exe size: 117.760 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Rundll32"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "Microsoft Windows Update Service"
HKEY_CLASSES_ROOT\batfile\shell\open\command "(Default)"
HKEY_CLASSES_ROOT\comfile\shell\open\command "(Default)"
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
HKEY_CLASSES_ROOT\scrfile\shell\open\command "(Default)"

registry added:
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSUpdate\Enum
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSUpdate\Enum