by ?
Written in Delphi
Released in March 2003
Made in China
Server:
dropped files:
c:\WINDOWS\sk.exe
c:\WINDOWS\SYSTEM\plog.exe
c:\WINDOWS\SYSTEM\swon4.exe
size: 242.193 bytes
port: 5328 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Snow"
c:\windows\win.ini, [windows] "run"
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WinOlaApp "Disable"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\C$ "Flags"

MegaSecurity