by A-D-M
Written in Visual Basic
Released in July 1999
server:
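dropped files (names are reproduced as observed, including misspellings such as "manger" and "Kernal32"; match them verbatim):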
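c:\msdos.win
Date: 4/15/2004 3:01 PM
Size: 0 bytes
c:\sys.lon
Date: 7/14/1999 3:07 AM
Size: 232,960 bytes
c:\win.dos
Date: 11/12/2004 4:58 PM
Size: 0 bytes
(The two 0-byte files carry 2004 dates, later than the July 1999 release; these timestamps presumably come from the system on which the sample was run, so treat them as unreliable indicators.)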
c:\Program Files\Mdm.exe size: 232,960 bytes
c:\Program Files\Memory manger26\data.dll size: 232,960 bytes
c:\Program Files\Memory manger26\data.z size: 17,408 bytes
c:\Program Files\Memory manger26\mem.dll size: 24,064 bytes
c:\Program Files\Memory manger26\Memmanage.exe size: 17,408 bytes
c:\Program Files\Memory manger26\Msys.z size: 8,704 bytes
c:\Program Files\Memory manger26\Data\Datar.reg size: 406,016 bytes
c:\Program Files\Memory manger26\Data\mem.z size: 611,840 bytes
c:\Program Files\Memory manger26\Data\su.z size: 1,413 bytes
c:\WINNT\Wings32.reg size: 232,960 bytes
c:\WINNT\winstart.bat size: 86 bytes
c:\WINNT\system\GDIres.reg size: 406,016 bytes
c:\WINNT\system\Gdiserv.drv size: 611,840 bytes
c:\WINNT\system\Gdisrv.reg size: 1,413 bytes
c:\WINNT\system\Kernal32.exe size: 232,960 bytes
c:\WINNT\system\Wings32.drv size: 232,960 bytes
(Several entries share a size: 232,960, 406,016, 611,840, 17,408 and 1,413 bytes. This suggests the same content stored under different names and extensions, so the .reg, .drv, .dll and .z extensions should not be trusted; compare file hashes instead.)
port: 1015 TCP
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Ms tesk"
data: c:\Program Files\Mdm.exe
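HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\Ava "Path"
data: C:\WINNT\system\Kernal32.exe
(this key appears to belong to ICQ's application-launch list, so the entry should only take effect where ICQ is installed; check it alongside the Run key during cleanup)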
c:\Documents and Settings\%user%\Start Menu\Programs\Memory manger Folder\Memmanage.exe
MegaSecurity