by ?
Written in Microsoft Visual C++, compressed with UPX
Origin: China
dropped files:
c:\Documents and Settings\All Users\Start Menu\Programs\Startup\dx32cxlp.exe size: 242,688 bytes
c:\WINDOWS\system32\dx32cxlp.exe size: 242,688 bytes
c:\WINDOWS\system32\iexp1orer.exe size: 17,920 bytes
c:\WINDOWS\system32\SVKP.sys size: 2,368 bytes
c:\WINDOWS\system32\systemst.exe size: 242,688 bytes

port: 14611 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer "mutexname" data: rJQTTPI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "iestart" data: C:\WINDOWS\System32\iexp1orer.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVKP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SVKP

tested on Windows XP
January 14, 2005
MegaSecurity