by Ghirai
Written in Visual Basic
-the files 'Install.exe' and '~Install.exe' are a little different: -both are servers, but '~Install.exe' also kills from memory/uninstalls some firewalls and A-Virus programs... -that's the only difference. -you'll probably need the vb6 runtimes and mswinsck.ocx in your Windows\System folder (check altavista, etc.) Ghirai. Server: dropped file: C:\WINDOWS\SYSTEM\~Cab001.exe size: 47 and 49 KB port: 38742 TCP startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Regcheck" HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Regcheck" c:\windows\win.ini, "load"MegaSecurity