by Red Move
Written in Visual Basic
Released in April 2006
Server:
dropped file:
c:\WINDOWS\system32\Knrl32.exe Size: 19,167 bytes
c:\WINDOWS\system32\SystemLoader.exe Size: 19,167 bytes

startup:
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: %SystemRoot%\system32\NOTEPAD.EXE %1
new data: SystemLoader.exe opext C:\WINDOWS\\system32\notepad.exe %1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Kernel"
data: C:\WINDOWS\System32\Knrl32.exe /au

tested on Windows XP
April 02 2006

MegaSecurity