by ?
Written in Delphi
Released in May 2004
Made in China
Server: port: 5328 TCP dropped files: c:\WINNT\system32\iplog.dll size: 658.944 bytes c:\WINNT\system32\ipsnow.exe size: 331.840 bytes c:\WINNT\system32\Tsnow.dll size: 658.944 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ipsnow" data: C:\WINNT\system32\ipsnow.exe registry added: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WinOlaApp "Disable" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\C$ tested on win2000MegaSecurity