by ?
Written in Delphi
Released in October 2006
Made in China
Server:

dropped files:
c:\WINDOWS\system32\QQhx.dat Size: 38,428 bytes
c:\WINDOWS\system32\sfeojg.dll Size: 39,424 bytes
c:\WINDOWS\system32\sfeojg.exe Size: 38,428 bytes

deleted file:
c:\WINDOWS\system32\Restore\MachineGuid.txt

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
"DisableSR"
old data: 00, 00, 00, 00
new data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"
old data: Explorer.exe
new data: Explorer.exe C:\WINDOWS\System32\sfeojg.exe

tested on Windows XP
November 14, 2006
MegaSecurity