by Masoud Azimi
Released in November 2006
Made in Iran
Server: dropped files: c:\WINDOWS\system32\Volume106.exe Size: 28,403 bytes c:\WINDOWS\system32\drivers\S.BAT Size: 74 bytes startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "Regedit 32" data: C:\WINDOWS\System32\Volume106.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "Regedit 32" data: C:\WINDOWS\System32\Volume106.exe tested on Windows XP November 24, 2006MegaSecurity