Fake Error Box by Backdoor
by ?
Original name unknown
Written in Delphi
dropped file: c:\WINDOWS\navawp32.exe size: 229,943 bytes added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" data: 01, 00, 00, 00 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispCPL" data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableRegistryTools" data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "NoDispCPL" data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Explorer" data: C:\WINDOWS\navawp32.exe tries to download data from http://www.alibabanet.net tested on Windows XP June 01, 2005MegaSecurity