by Perl
Written in Delphi
Released in November 2005
Made in China
dropped files: c:\WINDOWS\system32\Protectcs.dll Size: 477,696 bytes c:\WINDOWS\system32\server.exe Size: 572,416 bytes added to registry: HKEY_CLASSES_ROOT\inffile\shell\open\command "(Default)" old data: %SystemRoot%\System32\NOTEPAD.EXE %1 new data: C:\WINDOWS\System32\server.exe HKEY_CLASSES_ROOT\inifile\shell\open\command "(Default)" old data: %SystemRoot%\System32\NOTEPAD.EXE %1 new data: C:\WINDOWS\System32\server.exe tested on Windows XP December 24, 2005MegaSecurity