Net-Devil 1.1 (d) Server
(Backdoor.Win32.NetDevil.11.d)

by Nilez

Written in Delphi

more versions 


Server:
dropped file:
c:\WINDOWS\SYSTEM\SHELLAPI.EXE
size: 603.136 bytes 

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "ShellApi"
data: C:\WINDOWS\SYSTEM\SHELLAPI.EXE 

tested on Windows 98
February 04, 2006
MegaSecurity