by Neo and KB
Written in Visual Basic
Server: size: 221.184 bytes dropped files: c:\autoexec.exe size: 221.184 bytes c:\io.dll size: 50 bytes c:\WINDOWS\mss01.exe size: 221.184 bytes c:\WINDOWS\sprocks.bmp size: 50 bytes c:\WINDOWS\wrgf.exe size: 221.184 bytes c:\WINDOWS\SYSTEM\diskf.dll size: 50 bytes c:\WINDOWS\SYSTEM\log boot.exe size: 221.184 bytes c:\WINDOWS\SYSTEM\msgr.exe size: 221.184 bytes c:\WINDOWS\SYSTEM\reginf.ret size: 50 bytes added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system "DisableTaskMgr" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "bootlogfile" data: C:\WINDOWS\SYSTEM\log boot.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "msmsg" data: C:\WINDOWS\wrgf.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "msmsgr" data: C:\WINDOWS\DESKTOP\BACKDOOR.RETRIBUTION.30.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Norton antivirus scan" data: C:\WINDOWS\mss01.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "office decryptfiles" data: C:\WINDOWS\SYSTEM\msgr.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "start bat file" data: c:\autoexec.exe Size: 26 bytes