Written in Delphi

Server:
dropped files:
c:\WINDOWS\SYSTEM\Icd.exe 
c:\WINDOWS\SYSTEM\kbdPlug.dll 
c:\WINDOWS\SYSTEM\Nzrue32.exe 

port: 21691 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Icd" 

server connects to a FTP server in Czechoslovakia (ftp.volny.cz)