by Odesa
Released in March 2008
Made in Turkey
Server Dropped Files: c:\WINDOWS\system32\ftdutil.exe Size: 65,536 bytes c:\WINDOWS\system32\ntvxdc.exe Size: 65,536 bytes c:\WINDOWS\system32\wcsydrv.exe Size: 65,536 bytes c:\WINDOWS\system32\wintgtsv.exe Size: 65,536 bytes Added to Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Virtual Java" Data: wintgtsv.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Sys Startup" Data: wintgtsv.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows start" Data: explorer.exe wintgtsv.exe Tested on Windows XP May 09, 2008MegaSecurity