Backdoor.Win32.Delf.es

by zhengan

Real name is unknown

Written in Delphi

Made in China


Dropped files:
c:\WINDOWS\LMir.exe              size: 435.200 bytes 
c:\WINDOWS\SYSTEM\Comir.exe      size: 435.200 bytes 
c:\WINDOWS\SYSTEM\Finalmir.exe   size: 435.200 bytes 
c:\WINDOWS\SYSTEM\Spying.exe     size: 435.200 bytes 

Startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "LMir"
data: C:\WINDOWS\LMir.exe 

HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: C:\WINDOWS\NOTEPAD.EXE %1 
new data: C:\WINDOWS\SYSTEM\Comir.exe %1 

c:\windows\system.ini, [boot] "shell"
old value: Explorer.exe 
new value: Explorer.exe C:\WINDOWS\SYSTEM\Finalmir.exe 

c:\windows\win.ini, [windows] "run"
old value: 
new value: C:\WINDOWS\SYSTEM\Spying.exe 



Tested on Windows 98
February 22, 2005

MegaSecurity