by ?
Written in C, compressed with UPX
dropped files: c:\WINDOWS\system32\taskcfg.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\all_windows_keygen.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\Battlefield1942_bloodpatch.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\bootdisk2k.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\command.com Size: 30,240 bytes c:\WINDOWS\system32\IME\enter_the_matrix_crack.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\enter_the_matrix_trainer4.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\format.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\goldfish.scr Size: 30,240 bytes c:\WINDOWS\system32\IME\keygen.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\photoshop_7_crack.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\photoshop_7_keygen.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\Porn.exe Size: 30,240 bytes c:\WINDOWS\system32\IME\windows.scr Size: 30,240 bytes c:\WINDOWS\system32\IME\winnt.exe Size: 30,240 bytes added to registry: HKEY_CURRENT_USER\Software\KAZAA\LocalContent "Dir0" data: 012345:C:\WINDOWS\System32\ime\ h� � � �� pM�wh� >K�w�� ( � � ( �� P�w�� ( �M�w� � HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Explorer" data: taskcfg.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "Internet Explorer" data: taskcfg.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Internet Explorer" data: taskcfg.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Internet Explorer" data: taskcfg.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Internet Explorer" data: taskcfg.exe tested on Windows XP January 24, 2006MegaSecurity