by ?
Original Filename unknown
Written in Delphi
Related to Backdoor.Win32.Delf.iv and Backdoor.Win32.Delf.hq
dropped files: c:\WINDOWS\svchost.exe Size: 624,640 bytes c:\WINDOWS\Temp\ssshost.exe Size: 624,640 bytes startup: HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" old data: "%1" %* new data: C:\WINDOWS\svchost.exe "%1" %* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft" data: C:\WINDOWS\svchost.exe tested on Windows XP October 21, 2005MegaSecurity