by CrAzzyWak
Released in July 2000
Server: dropped files: c:\winstart.bat size: 25 bytes c:\WINNT\Registry32.exe size: 333.368 bytes port: 17500, 17499 TCP added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Reg32" data: Registry32.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: Registry32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe Registry32.exe tested on Win2000MegaSecurity