by ?
Made in Turkey
Server:
dropped files:
c:\sysrestore.vbs Size: 179 bytes (Backdoor.Win32.Delf.akf)
c:\WINDOWS\system32\sysocxw.com Size: 77,330 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\avlist.vts Size: 485 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\ieakhtm.dll Size: 59,392 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\ser.dat Size: 91 bytes
deleted file:
c:\WINDOWS\system32\Restore\MachineGuid.txt
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872415-GGFRT-TKMN-24F9-2154487HHGT8}
tested on Windows XP
December 24, 2005
MegaSecurity