by Zhou Jian
Written in Delphi
Released in February 2005
Made in China

Client:
port: 6678, 4777 TCP

Server:
dropped file: c:\Program Files\Remote\Rundlll.exe
size: 612,917 bytes
port: 4778 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rundlll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\freerwx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\freerwx\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\freerwx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\freerwx\Security

tested on win2000

March 06, 2005
MegaSecurity