Netsys 4.6
(Backdoor.Win32.Delf.oj)

by Zhou Jian

Written in Delphi

Released in October 2004

Made in China

more versions 


Server:
dropped files:
c:\Program Files\Remote\RUNDLLL.exe  size: 523.264 bytes 
c:\Program Files\Remote\setup.ini    size: 43 bytes 

port: 4778, 4779 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "sys"
data: C:\Program Files\Remote\RUNDLLL.exe 
 
tested on win2000
MegaSecurity