by Masoud Azimi
Released in September 2006
Made in Iran
Server: dropped files: c:\WINDOWS\system32\Volume842.exe Size: 24,545 bytes c:\WINDOWS\system32\drivers\i.txt Size: 322 bytes c:\WINDOWS\system32\drivers\S.BAT Size: 74 bytes startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "Regedit 32" data: C:\WINDOWS\System32\Volume842.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "Regedit 32" data: C:\WINDOWS\System32\Volume842.exe tested on Windows XP September 03, 2006MegaSecurity