by ?
Compressed with PECompact
dropped files: c:\Documents and Settings\%user%\Application Data\Microsoft\Tools\winmgmt.exe size: 8,280 bytes startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winmgmt" data: C:\Documents and Settings\%user%\Application Data\Microsoft\Tools\winmgmt.exe attempts to connect to an IRC Server This backdoor is related to the site: www.utility-carfax.com tested on Windows XP November 14, 2005MegaSecurity