message box displayed by backdoor
by ?
Written in Delphi
dropped files: c:\WINDOWS\Rundll32_.pif Size: 365.056 bytes c:\WINDOWS\SYSTEM\rundll16.pif Size: 365.056 bytes startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "LoadPowerProfile" old data: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme new data: C:\WINDOWS\system\rundll16.pif HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IE4" data: C:\WINDOWS\Rundll32_.pif HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IE5" tested on Windows 98 April 30, 2005MegaSecurity