by ?
Written in Delphi
Server: dropped files: c:\WINDOWS\system\backup.exe Size: 738,304 bytes c:\WINDOWS\system32\backup.exe Size: 738,304 bytes c:\WINDOWS\system32\nvsvb32.exe Size: 738,304 bytes startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "NeroChecks" data: C:\WINDOWS\System32\NeroChek.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "nvsvc32" data: C:\WINDOWS\System32\nvsvb32.exe attempts to connect to an IRC Server tested on Windows XP October 19, 2005MegaSecurity