by Saeid Bostandoust
Written in Visual Basic
Released in June 2008
Server Dropped Files:
c:\WINDOWS\system32\drivers\SymRediri.exe
Size: 393,216 bytes
c:\WINDOWS\system32\drivers\YMSG12ENCRYPT.dll
Size: 90,112 bytes

Added to Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"SymRediri"
Data: C:\WINDOWS\system32\drivers\SymRediri.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"
Old data: Explorer.exe
New data: Explorer.exe C:\WINDOWS\system32\drivers\SymRediri.exe

Tested on Windows XP
June 17, 2008
MegaSecurity