NetBUIE
(Backdoor.Win32.NetBuie)

by ?


"An "Xbox emulator" currently being offered for free on the Web is actually a Trojan horse
designed to covertly rack up money for its authors using pay-for-click and other schemes,
malicious code experts said. 
Instead of enabling users to run popular Xbox games such as "Halo" on their PCs,
executing the fake emulator's installation program, "EMU_xbox.exe",
merely produces error messages." 
according to www.newsbytes.com.



Dropper:
EMU_xbox.exe
size: 66 KB


Server:
C:\windows\system\NetBUIE.exe 
Runs invisibly

size: 108 KB

port:
random between 1000 and 1100 TCP

Server made contact with:
IP 209.75.20.28 (Verio, Inc. Englewood, US) and
   204.71.191.241 (Global Crossing, Palo Alto, US)

   
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run 
HKLM\Software\Microsoft\Windows\Run 


Added:
c:\WINDOWS\Cookies\m_r@hitbox(1).txt 
c:\WINDOWS\Cookies\m_r@hg1_hitbox(2).txt 

c:\WINDOWS\SYSTEM\NBconfig.exe 


Remarks:
added on next reboot: 
c:\WINDOWS\Cookies\m_r@hg1_hitbox(3).txt 
c:\WINDOWS\Cookies\m_r@hitbox(3).txt 

deleted on next reboot:
c:\WINDOWS\Cookies\m_r@hg1_hitbox(2).txt 
c:\WINDOWS\Cookies\m_r@hitbox(1).txt 

This alternates on each subsequent bootup.

MegaSecurity