by huaxingin & tengzhenin
patched by Skyfire
Written in Delphi
Released in September 2001
Made in China
Server:
C:\WINDOWS\TEMP\Rundll.exe
C:\WINDOWS\SYSTEM\GIRL.EXE
size: 274.944 bytes
port: 6711, 8311 TCP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "(Default)"
HKCR\txtfile\shell\open\command "(Default)"
Added:
C:\WINDOWS\SYSTEM\WinPlayer.EXE
MegaSecurity