Pakes
(Backdoor.Win32.Pakes)

by ?

Compressed with PECompact 2.0




dropped files:
c:\WINDOWS\system32\scvvhost.exe size: 119,296 bytes
c:\WINDOWS\Temp\C27D8FEF-D7AE-42c0-82E6-F30598265639.exe size: 3,584 bytes

changes to registry:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
"Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
"Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run
"Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce
"Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
"Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
"Microsoft Windows Update"
Old data: svcshost.exe
New data: scvvhost.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Microsoft Update
"ImagePath"
Old data: "C:\WINDOWS\System32\svcshost.exe" -netsvcs
New data: "C:\WINDOWS\System32\scvvhost.exe" -netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft Update
"ImagePath"
Old data: "C:\WINDOWS\System32\svcshost.exe" -netsvcs
New data: "C:\WINDOWS\System32\scvvhost.exe" -netsvcs

tested on Windows XP
April 21, 2005
MegaSecurity