(Backdoor.Win32.Delf.zc)
by Gabman
Written in Delphi, compressed with FSG
Made in Thailand
dropped files:
c:\WINDOWS\mshost.exe Size: 474,897 bytes
c:\WINDOWS\restore.vbs Size: 179 bytes
c:\WINDOWS\xpcore.dll Size: 50,688 bytes

deleted:
c:\WINDOWS\system32\Restore\MachineGuid.txt

port: 7000, 7001, 7002 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Service" data: C:\WINDOWS\mshost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows "XP_CORE"

tested on Windows XP
October 21, 2005
MegaSecurity