Netsys 3.9
(Backdoor.Win32.Delf.oj)
(Backdoor.Win32.Delf.pm)

by Zhou Jian

Written in Delphi

Released in June 2004

Made in China

more versions 


Server:
c:\Program Files\Remote\RUNDLLL.exe

size: 524,288 bytes
 
port: 4778, 4779 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "sys"
data: C:\Program Files\Remote\RUNDLLL.exe
 
tested on win2000
MegaSecurity