by xia-zai-zhe
Released in July 2007
Made in China
Server: dropped files: c:\autorun.inf Size: 159 bytes c:\lcg.exe Size: 26,112 bytes c:\WINDOWS\system32\Autorun.inf Size: 159 bytes c:\WINDOWS\system32\SVSH0ST.EXE Size: 26,112 bytes added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate "DisableWindowsUpdateAccess" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "svchost" data: C:\WINDOWS\System32\SVSH0ST.EXE tested on Windows XP July 10, 2007MegaSecurity