by ?
Written in Delphi
Released in December 2002
Made in China
Server:

dropped files:
c:\WINDOWS\sk.exe
c:\WINDOWS\SYSTEM\plog.exe
c:\WINDOWS\SYSTEM\swon4.exe

size: 240.640 bytes

port: 80, 5328 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Snow"
c:\windows\win.ini, [windows] "run"

added to registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WinOlaApp "Disabled"
Type: REG_DWORD
Data: 00, 00, 00, 00

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\c$ "Flags"
Type: REG_DWORD
Data: 2E, 01, 00, 00

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\c$ "Path"
Type: REG_SZ
Data: C:\

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\c$ "Type"
Type: REG_DWORD
Data: 00, 00, 00, 00

MegaSecurity