by Zhou Jian
Written in Delphi
Released in January 2005
Made in China
Client: port: 4777 TCP Server: dropped file: c:\Program Files\Remote\Rundlll.exe size: 610,402 bytes port: 4778, 4779 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "sys" data: C:\Program Files\Remote\Rundlll.exe tested on win2000 February 06, 2005MegaSecurity