by WildHackers1
Written in Visual Basic
Released in February 2006
Made in Iran
Server:
dropped file:
c:\WINDOWS\Help\7212SVCHOST.EXE
size: 17,090 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479B6D0-OTRW-U5GH-S1EE-E0AC10B4E9941644} "StubPath"
data: C:\WINDOWS\help\4461SVCHOST.EXE -tx
tested on Windows XP
September 04, 2006
MegaSecurity