by Near Mohists
Written in Visual Basic
Released in March 2003
Made in China
Server: dropped file: c:\WINDOWS\SYSTEM\SYSRTAY.EXE size: 139.264 bytes port: 1001, 7253 TCP startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion "SysJInB" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion "SysPort" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Systemty" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "Systemty"MegaSecurity