Rwins
(Backdoor.Rwins)

by ?

Written in Visual Basic

Server:
c:\WINDOWS\SYSTEM\BACKDOOR.RWINS.exe 

size: 237,568 bytes 

port: 23000, 23001, 23002 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run 

dropped files:
c:\WINDOWS\SYSTEM\BACKDOOR.RWINS.exe 
c:\WINDOWS\SYSTEM\mswin.dat 
MegaSecurity