ProSpy 1.9 Fix-07 Build 165
(Trojan-Dropper.Win32.Mudrop.cg)
(Backdoor.Win32.Prorat.ac)

by ?

Released in February 2006

Made in Turkey

Server:
dropped files:
c:\WINDOWS\_msn.exe    Size: 7,680 bytes 
c:\WINDOWS\_pnc.dat    Size: 182 bytes 
c:\WINDOWS\dxdiag.exe    Size: 324,096 bytes 
c:\WINDOWS\system32\_dxdiag.exe    Size: 324,096 bytes 
c:\WINDOWS\system32\_fps.dat    Size: 0 bytes 
c:\WINDOWS\system32\_fps.exe    Size: 15,795 bytes 
c:\WINDOWS\system32\_icq.dll    Size: 7,168 bytes 
c:\WINDOWS\system32\_key.dll    Size: 24,576 bytes 
c:\WINDOWS\system32\_mps.dat    Size: 0 bytes 
c:\WINDOWS\system32\_mps.exe    Size: 14,259 bytes 
c:\WINDOWS\system32\_pnc.dat    Size: 182 bytes 
c:\WINDOWS\system32\_pnc.exe    Size: 7,680 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BTT9AE78-87RT-11dW-2944-FF034297} "StubPath"
data: C:\WINDOWS\System32\_dxdiag.exe 
	
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "Microsoft DirectX Diagnostic Tool"
data: C:\WINDOWS\dxdiag.exe 	
	
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR"
old data: 00, 00, 00, 00 
new data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe C:\WINDOWS\dxdiag.exe 	

HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq\DefaultPrefs

HKEY_LOCAL_MACHINE\SOFTWARE\Miranda	

HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler
	
tested on Windows XP
September 14, 2006

MegaSecurity