PCView 2006
(Trojan-Spy.Win32.Delf.lv)
(Rootkit.Win32.Delf.c)

by Perl

Written in Delphi

Released in December 2005

Made in China


dropped files:
%local dir%\inject.exe                             Size: 42,496 bytes 
%local dir%\Protectcs.dll                          Size: 110,592 bytes 
%local dir%\root.exe                               Size: 49,664 bytes 
c:\Program Files\Internet Explorer\hook.dll        Size: 29,696 bytes 
c:\Program Files\Internet Explorer\inject.exe      Size: 42,496 bytes 
c:\Program Files\Internet Explorer\PMIGRATES.DLL   Size: 110,592 bytes 
c:\Program Files\Internet Explorer\root.exe        Size: 49,664 bytes 
c:\Program Files\Internet Explorer\Srvchost.exe    Size: 223,232 bytes 

startup:
HKEY_CLASSES_ROOT\inffile\shell\open\command "(Default)"
old data: %SystemRoot%\System32\NOTEPAD.EXE %1 
new data: C:\progra~1\intern~1\Srvchost.exe 

HKEY_CLASSES_ROOT\inifile\shell\open\command "(Default)"
old data: %SystemRoot%\System32\NOTEPAD.EXE %1 
new data: C:\progra~1\intern~1\Srvchost.exe 

	
tested on Windows XP
December 26, 2005	

MegaSecurity