by tangse
Released in June 2001
Made in China
Server dropped files: c:\WINDOWS\winns.exe Size: 18,496 bytes c:\WINDOWS\system32\syss.exe Size: 18,496 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msgserv_" data: C:\WINDOWS\System32\syss.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe winns.exe tested on Windows XP June 25, 2007MegaSecurity