by pswin.pooya
Written in Visual Basic
Released in April 2006
Made in The Middle East
Server:
dropped files:
c:\WINDOWS\system32\regsvr.exe Size: 50,176 bytes
c:\WINDOWS\system32\WinIPV9.dll Size: 11,828 bytes
c:\WINDOWS\system32\drivers\Tioner.exe Size: 50,176 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{z6B2445-1963-9142-A0DB-DBDB9E15FB9z} "StubPath"
data: C:\WINDOWS\System32\drivers\Tioner.exe sysdir
tested on Windows XP
May 04, 2006
MegaSecurity