by Ali Moazemi
Written in Visual Basic
Released in July 2008
Server Dropped Files: c:\WINDOWS\system32\regsvr.exe Size: 91,555 bytes Added to Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "System" Data: regsvr.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stud "ImagePath" Data: %SystemRoot%\System32\oobe\setup\svchost.exe /service HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\stud "ImagePath" Data: %SystemRoot%\System32\oobe\setup\svchost.exe /service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stud "ImagePath" Data: %SystemRoot%\System32\oobe\setup\svchost.exe /service Tested on Windows XP September 12, 2008MegaSecurity