Backdoor.Win32.VB.kn
(Backdoor.Win32.VB.kn)

by Michiel

IRC WARBOT, Internal Name: airtrox

Written in Visual Basic

Made in The Netherlands

See also Backdoor.VB.kv by Michiel

more in this category


Dropped file:
c:\WINDOWS\rundll32\rundll32.exe 

size: 98.304 bytes 

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "rundll32_ins" 

MegaSecurity