by Dagger
Written in Delphi
Released in May 2006
Made in China
Server: dropped file: c:\WINDOWS\system32\Setup\rumdll32.exe size: 48,640 bytes startup: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCHOST\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svchost HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCHOST\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svchost tested on Windows XP April 12, 2007MegaSecurity