by Zhou Jian
Written in Delphi
Released in August 2005
Made in China
Server: dropped file: c:\WINNT\system32\ZRundlll.exe size: 497,261 bytes port: 4778 TCP added to registry: HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ZRundlll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZRundlll tested on win2000 August 27, 2005MegaSecurity