by Neishei131
Written in Delphi
Released in September 2008
Made in China/font>
Server: Dropped Files: c:\WINDOWS\system32\s1dwANwmz4.ini Size: 3 bytes c:\WINDOWS\system32\drivers\etc\ipopJn6N.dll Size: 147,456 bytes Added to Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SRAT_Service "ImagePath" Data: %SystemRoot%\System32\svchost.exe -k netsvcs HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SRAT_Service\Parameters "ServiceDLL" Data: %SystemRoot%\system32\drivers\etc\ipopJn6N.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRAT_Service\Parameters "ServiceDLL" Data: %SystemRoot%\system32\drivers\etc\ipopJn6N.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRAT_Service "ImagePath" Data: %SystemRoot%\System32\svchost.exe -k netsvcs Tested on Windows XP October 17, 2008MegaSecurity