by ToxicFrog
Written in Visual Basic
Released in August 2005
Made in Iran
Server:
dropped file:
c:\WINDOWS\Help\9291SVCHOST.EXE
size: 17,048 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479B6D0-OTRW-U5GH-S1EE-E0AC10B4E9941929} "StubPath"
data: C:\WINDOWS\help\9291SVCHOST.EXE -tx
tested on Windows XP
September 16, 2005
MegaSecurity