by ?
Written in Microsoft Visual C++, compressed with PECompact
Backdoor.Win32.Dewin.g:

dropped files:
c:\WINDOWS\Asfwin.sys size: 58 bytes
c:\WINDOWS\Svchost.exe size: 47.616 bytes

port: 26409 TCP

startup:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "SystemReg"
data: C:\WINDOWS\Svchost.exe run
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run "SystemReg"
data: C:\WINDOWS\Svchost.exe run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SystemReg"
data: C:\WINDOWS\Svchost.exe run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "ID"
data: 391023452
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SystemReg"
data: C:\WINDOWS\Svchost.exe run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "SystemReg"
data: C:\WINDOWS\Svchost.exe run

tested on Windows XP
December 16, 2004
MegaSecurity