by P0ke
Written in Delphi, source included
Released in March 2005
dropped file: c:\WINDOWS\system32\stubbish.exe size: 107,520 bytes following existing files were overwritten: c:\Davory\crk.exe old size: 18,069 bytes new size: 125,608 bytes c:\Davory\Davory.exe old size: 473,088 bytes new size: 580,628 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: explorer.exe stubbish.exe tested on Windows XP April 11, 2005MegaSecurity