by unreachableboy
Written in Delphi
Released in February 2005
Made in Turkey
Server: dropped file: c:\WINDOWS\system32\df.bat Size: 310 bytes c:\WINDOWS\system32\directx32.exe Size: 509,665 bytes c:\WINDOWS\system32\dxdlg.dat Size: 3,779 bytes c:\WINDOWS\system32\dxdlg.dll Size: 96,768 bytes c:\WINDOWS\system32\dxdlg.txt Size: 3,779 bytes c:\WINDOWS\system32\ka_keyg.dat Size: 0 bytes c:\WINDOWS\system32\kurtmailpv.exe Size: 43,008 bytes c:\WINDOWS\system32\kurtmailpv.txt Size: 0 bytes c:\WINDOWS\system32\kurtmspass.exe Size: 43,008 bytes c:\WINDOWS\system32\kurtmspass.txt Size: 0 bytes c:\WINDOWS\system32\kurtnetpass.exe Size: 39,424 bytes c:\WINDOWS\system32\kurtnetpass.txt Size: 0 bytes c:\WINDOWS\system32\kurtpspv.exe Size: 31,744 bytes c:\WINDOWS\system32\kurtpspv.txt Size: 256 bytes port: 28432 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DirectX Plugin" data: C:\WINDOWS\System32\directx32.exe deleted: c:\WINDOWS\system32\Restore\MachineGuid.txt tested on Windows XP March 26, 2006MegaSecurity