by ZHONGYOU
Internal Name: winzy, Original Filename: winzy.exe
Written in Visual Basic, compressed with ASPack
Made in China
Backdoor.Win32.VB.ef:
size: 40.448 bytes
startup:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "TaskMoniter"
  c:\windows\win.ini, [windows] "run"
  HKEY_CLASSES_ROOT\chm.file\shell\open\command "(Default)"
  HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
  HKEY_CLASSES_ROOT\scrfile\shell\open\command "(Default)"
  HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
dropped files:
  c:\WINDOWS\MOBBS.EXE
  c:\WINDOWS\NUSCR.EXE
  c:\WINDOWS\SYSTEM\MSINTER.EXE
  c:\WINDOWS\SYSTEM\NOTEPD.EXE
  (all size: 40.448 bytes)
MegaSecurity