by ?
Written in Visual Basic. compressed with UPX
Made in China
dropped files: c:\WINDOWS\WIN.EXE size: 34.304 bytes c:\WINDOWS\SYSTEM\N0TEPAD.EXE size: 34.304 bytes c:\WINDOWS\SYSTEM\WIN.EXE size: 34.304 bytes c:\WINDOWS\TEMP\avcmhk4.dll size: 21.568 bytes added / changed to registry: KEY_CLASSES_ROOT\chm.file\shell\open\command "(Default)" old data: "C:\WINDOWS\hh.exe" %1 new data: win.exe hh.exe %1 HKEY_CLASSES_ROOT\hlpfile\shell\open\command "(Default)" old data: C:\WINDOWS\winhlp32.exe %1 new data: win.exe winhlp32.exe %1 HKEY_CLASSES_ROOT\inifile\shell\open\command "(Default)" old data: C:\WINDOWS\NOTEPAD.EXE %1 new data: N0TEPAD.EXE NOTEPAD.EXE %1 HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" old data: C:\WINDOWS\NOTEPAD.EXE %1 new data: N0TEPAD.EXE NOTEPAD.EXE %1 tested on Windows 98 March 18, 2005MegaSecurity