Spook 5.3
(Backdoor.Win32.Spookdoor.51)
(Backdoor.Win32.Spookdoor.52)

by sforever

Written in Delphi

Released in June 2005

Made in China

more versions




Server:
dropped file:
c:\WINNT\Help\BHY1978.CHI
size: 251,904 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo


tested on Windows 2000
June 12, 2005

MegaSecurity