Netsys 6.0
(Backdoor.Win32.Delf.oj)

by Zhou Jian

Written in Delphi

Released in March 2005

Made in China


Client:
port: 6678, 4777 TCP




Server:
dropped file:
c:\Program Files\Remote\Rundlll.exe
size: 611,893 bytes 

port:  4778 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Rundlll"
data: C:\Program Files\Remote\Rundlll.exe  


 
tested on Windows 2000
April 27, 2005

MegaSecurity