PS-Ware IE PS 1.8.16

PS-Ware IE PS 1.8.16
(Trojan-PSW.Win32.VB.it)

by Impostor

Written in Visual Basic

Made in Iran





Server:
dropped files:
c:\WINDOWS\system32\regm.dat              Size: 0 bytes 
c:\WINDOWS\system32\regsvr.exe            Size: 50,176 bytes 
c:\WINDOWS\system32\WinIPV9.dll           Size: 11,828 bytes 
c:\WINDOWS\system32\drivers\Tioner.exe    Size: 50,176 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "regsvr.exe "
data:  C:\WINDOWS\System32\regsvr.exe   

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{z6B2445-1963-9142-A0DB-DBDB9E15FB9z} "StubPath"
data: C:\WINDOWS\System32\drivers\Tioner.exe sysdir 



tested on Windows XP
October 30, 2006

MegaSecurity