by ?
Compressed with UPX
dropped files: c:\Documents and Settings\%user%\Start Menu\Programs\Startup\services.exe size: 26,624 bytes c:\Documents and Settings\%user%\Templates\services.exe size: 26,624 bytes c:\Program Files\Common Files\services.exe size: 26,624 bytes c:\WINDOWS\system32\services.dll size: 19,968 bytes port: 68 UDP startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Services Logon" data: C:\Documents and Settings\%user%\Templates\services.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Services Startup" data: C:\Program Files\Common Files\services.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "Services Logon" data: C:\Documents and Settings\%user%\Templates\services.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "Services Startup" data: C:\Program Files\Common Files\services.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices "Services Logon" data: C:\Documents and Settings\%user%\Templates\services.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices "Services Startup" data: C:\Program Files\Common Files\services.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce "Services Logon" data: C:\Documents and Settings\%user%\Templates\services.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce "Services Startup" data: C:\Program Files\Common Files\services.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\WindowsUpdate "Installed" data: 01/02/2006 23:57:29 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Services Logon" data: C:\Documents and Settings\%user%\Templates\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Services Startup" data: C:\Program Files\Common Files\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Services Logon" data: C:\Documents and Settings\Kobayashi\Templates\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Services Startup" data: C:\Program Files\Common Files\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Services Logon" data: C:\Documents and Settings\%user%\Templates\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Services Startup" data: C:\Program Files\Common Files\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce "Services Logon" data: C:\Documents and Settings\%user%\Templates\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce "Services Startup" data: C:\Program Files\Common Files\services.exe attempts to update a counter at http://cocorosa.ath.cx/~uw/counter.php tested on Windows XP February 01, 2006MegaSecurity