Demon-Ps 2.1
(Trojan-Spy.Win32.VB.nx)
(Trojan-PSW.Win32.VB.jr for Server)

by Masoud Azimi

Written in Visual Basic

Released in August 2006

Made in Iran

more versions 




Server:
dropped files:
c:\WINDOWS\system32\Volume61.exe       Size: 35,892 bytes 
c:\WINDOWS\system32\drivers\asd.exe    Size: 9,270 bytes 
c:\WINDOWS\system32\drivers\D.Txt      Size: 0 bytes 
c:\WINDOWS\system32\drivers\g.bat      Size: 80 bytes 
c:\WINDOWS\system32\drivers\S.BAT      Size: 74 bytes 
	
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "Regedit 32"
data: C:\WINDOWS\System32\Volume61.exe 
	
	
	
	
tested on Windows XP
August 21, 2006
MegaSecurity