MServ (a)
(Backdoor.Win32.MServ.a)

by ?

Written in Delphi 


 


dropped file:
c:\WINDOWS\Windll.exe 

size: 344,576 bytes 

port: 13013 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Windll.exe"
MegaSecurity