|
by Mansouri
Written in Visual Basic
Released in July 2008
|
|
Server Dropped Files: c:\WINDOWS\system32\Sys32.exe Size: 131,072 bytes c:\WINDOWS\system32\Sys321.exe Size: 131,072 bytes Added to Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" Data: 01, 00, 00, 00 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskmgr" Data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Update" Data: C:\WINDOWS\system32\Sys32.exe Tested on Windows XP September 26, 2008MegaSecurity