by ?
Original name "msn trojan"
Written in Visual Basic
Made in The Netherlands
dropped files: c:\WINDOWS\goede trojan.exe Size: 155,648 bytes c:\WINDOWS\msofcfg.exe Size: 155,648 bytes c:\WINDOWS\regcfg.dll Size: 72 bytes c:\WINDOWS\system32\boot command.exe Size: 155,648 bytes c:\WINDOWS\system32\fdsk.dll Size: 72 bytes c:\WINDOWS\system32\mssoffice.exe Size: 155,648 bytes c:\WINDOWS\system32\reginfo.retribution Size: 72 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "boot commands" data: C:\WINDOWS\System32\boot command.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DIT IS EEN TROJAN STARTUP" data: C:\WINDOWS\goede trojan.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msmsg" data: C:\WINDOWS\msofcfg.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msmsgr" data: C:\Documents and Settings\%user%\Desktop\Backdoor.Win32.VB.am.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "office decryptfiles" data: C:\WINDOWS\System32\mssoffice.exe tested on Windows XP May 08, 2005MegaSecurity