Backdoor.Win32.VB.abo
(Backdoor.Win32.VB.abo)

by ?

Original Filename: ipsteal.exe

Written in Visual Basic

more in this category


dropped files:
c:\WINDOWS\HOSTS           Size: 66 bytes 
c:\WINDOWS\winlogin.exe    Size: 39,936 bytes 

port: 4387, 6130 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows"
data: C:\WINDOWS\winlogin.exe 



tested on Windows XP 
February 05, 2006

MegaSecurity