by ?
Original Filename unknown
Written in Delphi
dropped files:
c:\WINDOWS\SYSTEM\winupdate.exe size: 61.820 bytes
c:\WINDOWS\SYSTEM\z_ins.lg size: 49 bytes

port: 1080, 32123 TCP

added to registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Kernel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"winupdate.exe" data: C:\WINDOWS\SYSTEM\winupdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
"winupdate.exe" data: C:\WINDOWS\SYSTEM\winupdate.exe

After reboot the backdoor tries to connect to an FTP server.

MegaSecurity