by ?
Original Filename: lolllolllolllolololo.exe
Released in October 2004
dropped file: c:\WINDOWS\system32\msiexec16.exe
size: 459.159 bytes
port: 3410 TCP

added to registry:

HKEY_CURRENT_USER\Software\Microsoft\RAS AutoDial\Control
"DisableConnectionQuery"
data: 01, 00, 00, 00

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"EnableAutodial"
data: 00, 00, 00, 00

HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
"EnableAutodial"
data: 00, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS AutoDial\Control
"DisableConnectionQuery"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS AutoDial\Control
"LoginSessionDisable"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
"EnableAutodial"
data: 00, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"GLSetIT32"
data: c:\windows\system32\msiexec16.exe

tested on Windows XP

MegaSecurity