by F”NG”§ KĄD[x]
Written in Delphi
Released in August 2005
Made in Turkey
Client Dropped Files: c:\Documents and Settings\%user%\Local Settings\Temp\Cigicigi Vip.exe Size: 1,988,608 bytes c:\Documents and Settings\%user%\Local Settings\Temp\Ekran.bmp Size: 3,131,658 bytes c:\Documents and Settings\%user%\Local Settings\Temp\Keylogger-MEGASECURITY.txt Size: 2 bytes c:\Documents and Settings\%user%\Local Settings\Temp\mail.exe Size: 46,080 bytes c:\Documents and Settings\%user%\Local Settings\Temp\mail.txt Size: 0 bytes c:\Documents and Settings\%user%\Local Settings\Temp\msn.exe Size: 44,544 bytes c:\Documents and Settings\%user%\Local Settings\Temp\msn.txt Size: 0 bytes c:\Documents and Settings\%user%\Local Settings\Temp\Perflib_Perfdata_8b8.dat Size: 16,384 bytes c:\Documents and Settings\%user%\Local Settings\Temp\pspv.exe Size: 52,736 bytes c:\Documents and Settings\%user%\Local Settings\Temp\pspv.txt Size: 256 bytes c:\Documents and Settings\%user%\Local Settings\Temp\server.exe Size: 664,055 bytes c:\WINDOWS\system32\1298.ftp Size: 15 bytes c:\WINDOWS\system32\1298.pass Size: 6 bytes c:\WINDOWS\system32\1298.usr Size: 10 bytes c:\WINDOWS\system32\blckx.exe Size: 618,496 bytes c:\WINDOWS\system32\ip.php Size: 40 bytes c:\WINDOWS\system32\drivers\ctfmon.exe Size: 212,992 bytes c:\WINDOWS\system32\drivers\PicFormat32.dll Size: 121,564 bytes c:\WINDOWS\system32\drivers\PicFormat32.ocx Size: 36,864 bytes c:\WINDOWS\system32\drivers\rundll32.exe Size: 200,704 bytes c:\WINDOWS\system32\drivers\svchost.exe Size: 176,128 bytes Added to Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "msconfig" Data: C:\WINDOWS\system32\blckx.exe Tested on Windows XP March 03, 2009MegaSecurity