by ?
Written in Microsoft Visual C++, Source included
Released in August 2006
Made in China
Server: dropped files: c:\Program Files\Internet Explorer\svchost.exe Size: 76,888 bytes c:\WINDOWS\Help\svchost.exe Size: 76,888 bytes c:\WINDOWS\system32\ShellExt\lsass.exe Size: 76,888 bytes c:\WINDOWS\system32\wins\svchost.exe Size: 76,888 bytes added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe C:\WINDOWS\help\svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" old data: C:\WINDOWS\system32\userinit.exe, new data: C:\WINDOWS\System32\userinit.exe,C:\Program Files\Internet Explorer\svchost.exe HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" old data: new data: C:\WINDOWS\System32\ShellExt\lsass.exe HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" old data: new data: C:\WINDOWS\System32\ShellExt\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zhuifengjian "ImagePath" data: C:\WINDOWS\System32\wins\svchost.exe tested on Windows XP June 11, 2007MegaSecurity