Backdoor.Win32.VB.ef

by ZHONGYOU

Internal Name: winzy, Original Filename: winzy.exe

Written in Visual Basic, compressed with ASPack

Made in China


Backdoor.Win32.VB.ef:
size: 40.448 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "TaskMoniter" 
c:\windows\win.ini, [windows] "run" 
HKEY_CLASSES_ROOT\chm.file\shell\open\command "(Default)" 
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" 
HKEY_CLASSES_ROOT\scrfile\shell\open\command "(Default)" 
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" 

dropped files:
c:\WINDOWS\MOBBS.EXE 
c:\WINDOWS\NUSCR.EXE 
c:\WINDOWS\SYSTEM\MSINTER.EXE 
c:\WINDOWS\SYSTEM\NOTEPD.EXE 
(all size: 40.448 bytes) 

MegaSecurity