by ?
Written in Delphi
Released in June 2003
Made in China
Server: dropped files: c:\WINDOWS\SYSTEM\iplog.exe c:\WINDOWS\SYSTEM\ipsnow.exe c:\WINDOWS\sk.exe size: 244.236 bytes port: 5328 TCP startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Snow" c:\windows\win.ini, [windows] "run" added: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WinOlaApp "Disable" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\C$ "Flags"MegaSecurity