by ?
Original name unknown
Written in Delphi

dropped files:
c:\WINDOWS\system32\notepd.exe
Size: 113,152 bytes
c:\WINDOWS\system32\QoSRSVP.exe
Size: 113,152 bytes
c:\WINDOWS\system32\QQLdr.exe
Size: 113,152 bytes

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDPWD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDTCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDPWD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDTCP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP\Enum

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
old data:
new data: C:\WINDOWS\System32\QoSRSVP.exe

HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: %SystemRoot%\system32\NOTEPAD.EXE %1
new data: C:\WINDOWS\System32\notepd.exe %1

tested on Windows XP
July 25, 2005
MegaSecurity