Netsys 2.0
(Backdoor.Win32.Delf.ob)

by Zhou Jian

Written in Delphi

Released in April 2004

Made in China


Server:
c:\WINNT\RUNDLLL.EXE 

size: 338.944 bytes

port: 4778 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run "KAV"
data: C:\WINNT\RUNDLLL.EXE

deleted:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

tested on Windows 2000

MegaSecurity