Backdoor.Win32.Delf.qw
(Backdoor.Win32.Delf.qw)

by ?

Written in Delphi

dropped files:
c:\WINDOWS\system32\svshost.exe    Size: 982,787 bytes 
c:\WINDOWS\Temp\ssshost.exe        Size: 982,787 bytes 

startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: C:\WINDOWS\System32\svshost.exe "%1" %* 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft"
data: C:\WINDOWS\System32\svshost.exe 


tested on Windows XP
October 13, 2005

MegaSecurity