by ?
Written in Visual Basic
Backdoor.Win32.VB.ym: dropped file: c:\WINDOWS\system32\LJMANGEL CRACKER.EXE size: 118,784 bytes port: 1788, 1789 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Hxdhuzgayg" data: C:\WINDOWS\SYSTEM32\LJMANGEL CRACKER.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Fuvjvhdm" data: C:\WINDOWS\SYSTEM32\LJMANGEL CRACKER.EXE HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\Htxmaemizv "Path" data: C:\WINDOWS\SYSTEM32\LJMANGEL CRACKER.EXE tested on Windows XP August 24, 2005MegaSecurity