by NinjaSpy
Written in Delphi
Released in July 2004
Made in Brazil
Server: dropped files: c:\WINDOWS\Regedit.ocx Size: 835,076 bytes c:\WINDOWS\system32\drwtsn32.bat Size: 835,076 bytes c:\WINDOWS\system32\Explorer.dll Size: 835,076 bytes c:\WINDOWS\system32\Shell32.sys Size: 835,076 bytes added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: C:\WINDOWS\Regedit.ocx HKEY_CLASSES_ROOT\dllfile\shell\open\command "(Default)" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows Kernel" data: C:\WINDOWS\System32\drwtsn32.bat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: explorer.exe C:\WINDOWS\System32\Explorer.dll tested on Windows XP September 05, 2007MegaSecurity