by ?
Compressed with UPX
Released in May 2005
Made in Turkey
Server:
dropped files:
c:\WINDOWS\system32\sysocxw.com
size: 46,082 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\avlist.vts
size: 485 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\ieakhtm.dll
size: 59,392 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\log.vts
size: 2,900 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\mailpas.exe
size: 42,496 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\messnger.exe
size: 41,984 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\netpas.exe
size: 37,376 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\nreg.exe
size: 31,744 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\plugin.exe
size: 171,008 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\ser.dat
size: 97 bytes
deleted:
c:\WINDOWS\system32\Restore\MachineGuid.txt
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872415-GGFRT-TKMN-24F9-2154487HHGT8} "StubPath"
data: C:\WINDOWS\System32\sysocxw.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR"
tested on Windows XP
May 14, 2005
MegaSecurity