by ?
Written in Microsoft Visual C++
dropped file: c:\WINDOWS\system32\hom1.txt port: 5153 TCP added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "setFTPBack" data: C:\WINDOWS\System32\createsw.exe attempts to connect to a FTP Server explorer startpage is altered to "www.babasearch.com" tested on Windows XP November 16, 2005MegaSecurity