by ?
Written in Borland C++, compressed with UPX
dropped file: c:\WINDOWS\SCANREGW.EXE size: 222,209 bytes port: 113 TCP added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ScanRegistry" data: C:\WINDOWS\scanregw.exe /autorun The text string "War Gibbon v0.60C [DeRS Edition]" can be found in the executable. tested on Windows XP March 16, 2005MegaSecurity