by Tataye
Successor of Ulysses
Written in Delphi
Released in February 2003
Made in Rumania
Server:
dropped files:
c:\WINDOWS\SYSTEM\COM\mscom32.com
c:\WINDOWS\SYSTEM\WBEM\wb.com
size: 52.736 bytes
port: 666 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{45DD0432-AA51-31EF-EEFA-06AA12E6115C} "StubPath"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "COM Service"
added:
c:\WINDOWS\SVCHOST.EXE
MegaSecurity