|
|
by Gargamel
Written in Visual C++
Released in August 2004
|
|
|
Server:
dropped file:
c:\WINNT\server.exe
size: 12.980 bytes (compressed)
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "bla"
data: C:\WINNT\server.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce "*bla"
data: C:\WINNT\server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{882B8403-5C5B-5B4A-2A0E-38C1E730B0E2} "StubPath"
data: C:\WINNT\server.exe 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "bla"
data: C:\WINNT\server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "*bla"
data: C:\WINNT\server.exe
tested on win2000
MegaSecurity