by ?
Original name unknown
Written in Delphi
dropped files:
c:\WINDOWS\ÿ.exe
size: 542.720 bytes
c:\WINDOWS\system32\WINNT386.EXE
size: 542.720 bytes

port: 1980 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ÿ"
data: ÿ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "ÿ"
data: ÿ
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: %SystemRoot%\system32\NOTEPAD.EXE %1
new data: C:\WINDOWS\System32\WINNT386.EXE "%1"

tested on Windows XP
December 27, 2004
MegaSecurity