by KiPSOFT
Released in July 2007
Made in Turkey
Server dropped file: c:\WINDOWS\gar.exe Size: 2,083,056 bytes c:\WINDOWS\system32\drivers\oreans32.sys Size: 33,824 bytes added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Gar" data: C:\WINDOWS\gar.exe HKEY_LOCAL_MACHINE\SOFTWARE\WinLicense HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OREANS32\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 tested on windows XP August 20, 2007MegaSecurity