Bootlegger (a)

Bootlegger (a)
(Backdoor.Win32.Lootbeg.a)

by ?

Written in Borland C++


dropped file:
c:\WINDOWS\Cursors\svchost.exe
size: 515,072 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "Norman Anti Viruss"
data: c:\windows\Cursors\svchost.exe 



tested on Windows XP
March 11, 2006

MegaSecurity