by huaxingin & tengzhenin
Written in Delphi
Released in March 2002
Made in China
Client:
size: 588.800 bytes
port: 2101, 2222 TCP
Servers:
c:\WINDOWS\SYSTEM\GIRL.EXE
c:\WINDOWS\TEMP\Rundll32.exe
c:\WINDOWS\SYSTEM\WinPlayer.EXE
size: 255.992 bytes
port: 1133, 1183, 6711, 8311 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
MegaSecurity