Backdoor.Win32.Delf.oq
(Backdoor.Win32.Delf.oq)

by ?

Original name unknown

Written in Delphi, compressed with Petite

Probably made in Russia


dropped files:
c:\WINDOWS\rid3.bat       Size: 2,271 bytes 
c:\WINDOWS\riddle3.000    Size: 243,338 bytes 
c:\WINDOWS\riddle3.001    Size: 12,166 bytes 
c:\WINDOWS\riddle3.002    Size: 12,166 bytes 
c:\WINDOWS\riddle3.003    Size: 12,166 bytes 
c:\WINDOWS\riddle3.004    Size: 12,166 bytes 
c:\WINDOWS\riddle3.005    Size: 12,166 bytes 
c:\WINDOWS\riddle3.006    Size: 12,166 bytes 
c:\WINDOWS\riddle3.007    Size: 12,166 bytes 
c:\WINDOWS\riddle3.008    Size: 12,166 bytes 
c:\WINDOWS\riddle3.009    Size: 12,166 bytes 
c:\WINDOWS\riddle3.010    Size: 12,166 bytes 
c:\WINDOWS\riddle3.011    Size: 12,166 bytes 
c:\WINDOWS\riddle3.012    Size: 12,166 bytes 
c:\WINDOWS\riddle3.013    Size: 12,166 bytes 
c:\WINDOWS\riddle3.014    Size: 12,166 bytes 
c:\WINDOWS\riddle3.015    Size: 12,166 bytes 
c:\WINDOWS\riddle3.016    Size: 12,166 bytes 
c:\WINDOWS\riddle3.017    Size: 12,166 bytes 
c:\WINDOWS\riddle3.018    Size: 12,166 bytes 
c:\WINDOWS\riddle3.019    Size: 12,166 bytes 
c:\WINDOWS\riddle3.020    Size: 12,184 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Riddle"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Riddle" 

tested on Windows XP
January 18, 2006

MegaSecurity