by ?
Written in Delphi
dropped files: c:\WINDOWS\winsys32.exe size: 377,251 bytes port: 3743 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "systemdll.dll" data: winsys32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "(Default)" data: winsys32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "systemdll.dll" data: winsys32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe winsys32.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: winsys32.exe tested on Windows XP January 06, 2006MegaSecurity