by Tataye
Written in Delphi
Released in February 2004
Made in Rumania
Server:
dropped files:
c:\WINDOWS\svchost.exe Size: 68,413 bytes
c:\WINDOWS\msagent\msnqrp.com Size: 68,413 bytes
c:\WINDOWS\system32\msjcqb.com Size: 68,413 bytes
c:\WINDOWS\system32\mslg.blf Size: 95 bytes
port: 6666 TCP
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "COM Service"
data: C:\WINDOWS\msagent\msnqrp.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D} "StubPath"
data: C:\WINDOWS\System32\msjcqb.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "COM Service"
data: C:\WINDOWS\msagent\msnqrp.com
tested on Windows XP
March 04, 2006
MegaSecurity