by xT-Dart-Tx
Written in Visual Basic
Released in December 2007
Server Dropped Files: c:\WINDOWS\system32\drivers\services.exe Size: 7,168 bytes c:\WINDOWS\system32\drivers\winlogon.exe Size: 50,755 bytes Added to Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Services" Data: C:\WINDOWS\System32\drivers\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Winlogon" Data: C:\WINDOWS\System32\drivers\winlogon.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Services" Data: C:\WINDOWS\System32\drivers\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Winlogon" Data: C:\WINDOWS\System32\drivers\winlogon.exe Tested on Windows XP December 27, 2007MegaSecurity