GedBot v2
(Backdoor.Win32.VB.xr)

by GEDZAC LABS

Written in Visual Basic, compressed with UPX

dropped file:
c:\WINDOWS\svshots.exe
size: 16,896 bytes 

port: 3667 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "svshots"
data: C:\WINDOWS\svshots.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\GedzacLabs "Title"
data: GedBot by GEDZAC LABS 

attempts to connect to an IRC server


tested on Windows XP
August 19, 2005

MegaSecurity