by System33r
aka Windows Uptime
Written in Visual Basic
Released in September 2003
Server: dropped file: c:\WINNT\system32\addon.exe port: 113 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Wininit Command" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Windows Wininit Command" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" added: c:\WINNT\system32\addon.exe size: 61.472 bytes tested on win2000MegaSecurity