by ?
Original Filename unknown
Written in Delphi
dropped file:
c:\WINDOWS\system32\winupdate2.exe
size: 67,584 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EC0745F-CAD3-628A-48E9-02B9AFEC8E74} "StubPath"
data: C:\WINDOWS\System32\winupdate2.exe ����
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "RunProg"
data: C:\WINDOWS\System32\winupdate2.exe
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings "EnableAutodial"
data: 00, 00, 00, 00
tested on Windows XP
August 21, 2005
MegaSecurity