by ?
dropped file: c:\WINDOWS\system32\recycler.exe size: 45,056 bytes port: 65535 TCP added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "ProductRun" data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List "C:\WINDOWS\System32\recycler.exe" data: C:\WINDOWS\System32\recycler.exe:*:enabled:@xpsp2res.dll,-22005 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List "6667:TCP" data: 6667:TCP:*:Enabled:@xpsp2res.dll,-22005 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\System32\recycler.exe" data: C:\WINDOWS\System32\recycler.exe:*:enabled:@xpsp2res.dll,-22005 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "6667:TCP" data: 6667:TCP:*:Enabled:@xpsp2res.dll,-22005 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List "C:\WINDOWS\System32\recycler.exe" data: C:\WINDOWS\System32\recycler.exe:*:enabled:@xpsp2res.dll,-22005 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List "6667:TCP" data: 6667:TCP:*:Enabled:@xpsp2res.dll,-22005 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\System32\recycler.exe" data: C:\WINDOWS\System32\recycler.exe:*:enabled:@xpsp2res.dll,-22005 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "6667:TCP" data: 6667:TCP:*:Enabled:@xpsp2res.dll,-22005 attempts to connect to an IRC Server tested on Windows XP April 01, 2006MegaSecurity