by ?
Written in Delphi
dropped files: c:\WINDOWS\system\backup.exe Size: 738,304 bytes c:\WINDOWS\system32\backup.exe Size: 738,304 bytes c:\WINDOWS\system32\nvsvb32.exe Size: 738,304 bytes startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "NeroChecks" data: C:\WINDOWS\System32\NeroChek.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "nvsvc32" data: C:\WINDOWS\System32\nvsvb32.exe tested on Windows XP August 16, 2005MegaSecurity