by Zhou Jian
Written in Delphi
Released in December 2004
Made in China
Server: dropped file: c:\Program Files\Remote\RUNDLLL.exe size: 527,872 bytes c:\Program Files\Remote\setup.ini size: 48 bytes port: 4778, 4779 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "sys" data: C:\Program Files\Remote\Rundlll.exe tested on win2000 February 06, 2005MegaSecurity