by ?
Written in Visual Basic
dropped file: c:\WINDOWS\system32\TROV.EXE size: 110,592 bytes port: 3500 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Dthnlk" data: C:\WINDOWS\SYSTEM32\TROV.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Abx" data: C:\WINDOWS\SYSTEM32\TROV.EXE HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\Camlq "Path" data: C:\WINDOWS\SYSTEM32\TROV.EXE can disable some anti-virus programs tested on Windows XP March 02, 2005MegaSecurity