by GuEvArA De La SeRnA
Written in Visual Basic
Released in May 2005
Made in Turkey
Server: dropped file: c:\WINDOWS\system32\drivers\svchost.exe size: 53,248 bytes port: 13000 TCP added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" data: 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(Default)" data: regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "server" data: %local dir%\server.exe tested on Windows XP February 27, 2006MegaSecurity