by Darksky
Written in Visual C++
Released in December 2002
Made in China
Server Dropped Files: c:\WINDOWS\SYSTEM\KNREL32.exe c:\WINDOWS\SYSTEM\notepade.exe c:\WINDOWS\SYSTEM\SysArchive.exe size: 40.960 bytes port: 5418, 5419 TCP startup: HKEY_CLASSES_ROOT\.txt\shell\open\command "(Default)" HKEY_CLASSES_ROOT\txtfile.txt\shell\open\command "(Default)" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "SysArchive"MegaSecurity