by CMC Ltd.
Original Filename: crezy.exe
Written in Visual Basic
Backdoor.Win32.VB.cl: port: 113 TCP dropped files: c:\WINDOWS\sysdll.exe size: 49.152 bytes c:\WINDOWS\winsdk.exe size: 49.152 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "sysdll" data: C:\WINDOWS\sysdll.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winsdk" data: C:\WINDOWS\winsdk.exe does (try to) join #abcdospaon on a specified IRC server in Turkey tested on Windows XPMegaSecurity