by Peyman
Released in March 2007
Made in Iran
Server:

dropped files:
c:\Documents and Settings\%user%\Local Settings\lsass.exe
Size: 68,873 bytes
c:\WINDOWS\Help\CMDDLGNT.CHI
Size: 4 bytes
c:\WINDOWS\inf\syspach.com
Size: 68,873 bytes

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableRegistryTools"
data: 01, 00, 00, 00

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
"DisableCMD"
data: 00, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"NOD32"
data: C:\Documents and Settings\%user%\Local Settings\lsass.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"
old data: Explorer.exe
new data: Explorer.exe C:\WINDOWS\inf\syspach.com

tested on Windows XP
May 15, 2007
MegaSecurity