by JIMMYLIN
Written in Delphi
Released in August 2002
Made in China
Client:
port: 8848, 8864 TCP

Server:
dropped files:
C:\WINDOWS\SYSTEM\internat.dic
C:\WINDOWS\notepad.jmp
size: 509.440 bytes
port: 3721 TCP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Windows"
HKCR\txtfile\shell\open\command "(Default)"

Added:
Keys:
HKEY_CLASSES_ROOT\.dic
HKEY_CLASSES_ROOT\.jmp
Values:
HKEY_CLASSES_ROOT\.dic "(Default)" Type: REG_SZ Data: exefile
HKEY_CLASSES_ROOT\.jmp "(Default)" Type: REG_SZ Data: exefile