by W32_Cr4Ck3r
Written in Visual Basic
Released in June 2007
Made in Iran
Server Dropped File: c:\WINDOWS\system32\regsvr.exe Size: 28,917 bytes Added to Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "regsvr" Data: C:\WINDOWS\System32\regsvr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Explorer.exe" Data: C:\WINDOWS\System32\Explorer.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\System32\regsvr.exe" Data: C:\WINDOWS\System32\regsvr.exe:*:Enabled:Microsoft HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\System32\regsvr.exe" Data: C:\WINDOWS\System32\regsvr.exe:*:Enabled:Microsoft Tested on Windows XP December 26, 2007MegaSecurity