Backdoor.Win32.VB.bj
(Backdoor.Win32.VB.bj)

by ?

Original name is unknown

Written in Visual Basic

Original Filename: MicrosoftProtect.exe


Dropped file:
c:\WINDOWS\SYSTEM\SCANSTARTUP.EXE 

size: 143.360 bytes
 
port: 3737 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\SCANSTARTUP "StubPath" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SCANSTARTUP" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices 

added:
HKEY_CURRENT_USER\Software\Microsoft\MS-Protect 

Capable of killing some anti-virus programs.

MegaSecurity