by Zhou Jian
Written in Delphi
Released in October 2006
Made in China
Server:
dropped file: c:\WINDOWS\system32\ZRundlll.exe
size: 275,502 bytes
port: 4778 TCP
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ZRundlll\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZRundlll\Security
tested on Windows XP
October 20, 2006
MegaSecurity