by SkD
Written in Visual Basic
Released in June 2005
Server:

dropped files:
c:\templog.txt
c:\WINDOWS\eimsn.exe Size: 57,344 bytes
c:\WINDOWS\system32\rewt\hook.dll Size: 34,816 bytes
c:\WINDOWS\system32\rewt\microsoft_guid.dat Size: 10 bytes
c:\WINDOWS\system32\rewt\server.exe Size: 159,436 bytes
c:\WINDOWS\system32\rewt\serveree.exe Size: 23,644 bytes

port: 1234 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
old data:
new data: C:\WINDOWS\system32\rewt\server.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REWT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rewt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_REWT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rewt

tested on Windows XP
June 22, 2005
MegaSecurity