Original Filename unknown

Written in Delphi, compressed with Petite

more in this category

message box displayed by backdoor

file replaced:
c:\WINDOWS\SCANREGW.EXE
old size: 90.112 bytes 
new size: 171.243 bytes 

deleted:
c:\WINDOWS\REGEDIT.EXE
c:\WINDOWS\SYSTEM\MSCONFIG.EXE

added to registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "scanreg"
data: C:\WINDOWS\scanregw.exe /autorun 




tested on Windows 98
May 01, 2005