by Masoud Azimi
Released in July 2006
Made in Iran
Server: dropped files: c:\WINDOWS\system32\Volume58.exe Size: 35,897 bytes c:\WINDOWS\system32\drivers\asd.exe Size: 9,270 bytes c:\WINDOWS\system32\drivers\D.Txt Size: 0 bytes c:\WINDOWS\system32\drivers\g.bat Size: 80 bytes c:\WINDOWS\system32\drivers\S.BAT Size: 74 bytes startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "Regedit 32" data: C:\WINDOWS\System32\Volume58.exe tested on Windows XP August 20, 2006MegaSecurity