Dewin (k)
(Backdoor.Win32.Dewin.k)

by ?

Compressed with PECompact

more versions 


dropped file:
c:\WINDOWS\Svchost.exe 

size: 48.640 bytes 

port: 9100, 23113, 25449 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SystemReg" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "SystemReg" 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SystemReg" 



added:
c:\WINDOWS\Asfwin.sys
MegaSecurity