by Craka Man
Written in Visual Basic
dropped files: c:\WINDOWS\CXMCrackHeadzV1.1.exe Size: 573,440 bytes c:\WINDOWS\Fonts\lsass.exe Size: 859,607 bytes startup: HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" old data: "%1" %* new data: c:\WINDOWS\Fonts\lsass.exe "%1" %* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "iexplore.exe" data: c:\WINDOWS\Fonts\lsass.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "iexplore.exe" data: c:\WINDOWS\Fonts\lsass.exe /RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx "iexplore.exe" data: c:\WINDOWS\Fonts\lsass.exe tested on Windows XP July 18, 2005MegaSecurity