by cmjboy
Written in Delphi, compressed with UPX
Made in China
Servers:
c:\WINDOWS\SYSTEM\Rundll32 .exe
c:\WINDOWS\scanregw .exe
c:\WINDOWS\taskmon .exe

size: 685.568 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "LoadPowerProfile"
Old data: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
New data: "Rundll32 .exe" powrprof.dll,LoadCurrentPwrScheme

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry"
Old data: C:\WINDOWS\scanregw.exe /autorun
New data: "C:\WINDOWS\scanregw .exe" /autorun

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Taakcontrole"
Old data: C:\WINDOWS\taskmon.exe
New data: "C:\WINDOWS\taskmon .exe"

added:
c:\WINDOWS\scanregw .exe
c:\WINDOWS\taskmon .exe
c:\WINDOWS\SYSTEM\BACKDOOR.CMJSPY.D.exe
c:\WINDOWS\SYSTEM\Internet .exe
c:\WINDOWS\SYSTEM\ppx.txt
c:\WINDOWS\SYSTEM\Rundll32 .exe
c:\WINDOWS\SYSTEM\Rundll32 .exe
c:\WINDOWS\TEMP\IO.dll
c:\WINDOWS\TEMP\p2x560.dll
c:\WINDOWS\TEMP\Socket.dll
c:\WINDOWS\SYSTEM\tdllcope.vxd