by Mr Army
Written in Delphi
Released in February 2004
Made in China
Server: dropped files: c:\WINNT\?.exe size: 542.720 bytes c:\WINNT\system32\WINNT386.EXE size: 542.720 bytes port: 1980 TCP added to registry: HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" old data: %SystemRoot%\system32\NOTEPAD.EXE %1 new data: C:\WINNT\system32\WINNT386.EXE "%1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "?" data: ? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "?" data: ? tested on Windows 2000 January 01, 2005MegaSecurity