by ?
Written in Microsoft Visual Basic
dropped files:
c:\Documents and Settings\%user%\Local Settings\Temp\fonts.exe size: 77,824 bytes
c:\WINDOWS\loadexe.exe size: 77,824 bytes
c:\WINDOWS\Setwindows.com size: 134,144 bytes
c:\WINDOWS\system32\Kernal99.dll size: 2 bytes
c:\WINDOWS\system32\system.exe size: 77,824 bytes

added to registry:
HKEY_CLASSES_ROOT\File Manager
HKEY_CLASSES_ROOT\File Manager\DefaultIcon
HKEY_CLASSES_ROOT\File Manager\Shell
HKEY_CLASSES_ROOT\File Manager\Shell\open
HKEY_CLASSES_ROOT\File Manager\Shell\open\command
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\B

HKEY_CLASSES_ROOT\.avi "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.bat "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.c "(Default)" New data: File Manager
HKEY_CLASSES_ROOT\.c "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.chm "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.cpp "(Default)" New data: File Manager
HKEY_CLASSES_ROOT\.cpp "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.dll "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.doc "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.gif "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.h "(Default)" New data: File Manager
HKEY_CLASSES_ROOT\.h "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.hlp "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.htm "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.ico "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.inf "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.ini "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.jpe "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.jpeg "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.log "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.mdb "(Default)" New data: File Manager
HKEY_CLASSES_ROOT\.mdb "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.mid "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.mp3 "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.ppt "(Default)" New data: File Manager
HKEY_CLASSES_ROOT\.ppt "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.reg "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.rtf "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.sys "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.txt "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.wav "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.wmf "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.xls "(Default)" New data: File Manager
HKEY_CLASSES_ROOT\.xls "SysBack" New data: File Manager
HKEY_CLASSES_ROOT\.zip "SysBack" New data: File Manager

HKEY_CLASSES_ROOT\File Manager\DefaultIcon "(Default)" Data: Shell32.dll,3
HKEY_CLASSES_ROOT\File Manager\Shell\open\command "(Default)" Data: C:\WINDOWS\System32\system.exe %1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Control Panal" Data: C:\WINDOWS\System32\system.exe

tested on Windows XP
February 17, 2005
MegaSecurity