by ?
Original Filename: gmailgen.exe
Written in Visual Basic
dropped files: c:\WINDOWS\Fonts\_server.exe Size: 456,433 bytes c:\WINDOWS\system32\drivers\etc\hosts port: 30997 TCP added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" data: 01, 00, 00, 00 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskmgr" data: 01, 00, 00, 00 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Wintask" data: c:\WINDOWS\Fonts\_server.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx "Wintask" data: c:\WINDOWS\Fonts\_server.exe tested on Windows XP March 28, 2006MegaSecurity