by yzkzero
Released in August 2005
Server: dropped files: c:\WINNT\system32\MoonShadow.dll Size: 263,836 bytes c:\WINNT\system32\MoonShadow.exe Size: 311,296 bytes added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe MoonShadow.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP" data: 2046:TCP:*:Enabled HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP" data: 2046:TCP:*:Enabled tested on Windows 2000 September 02, 2005MegaSecurity