by B@dr07
Written in Delphi
Released in November 2006
Server: dropped files: c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\01.exe size: 20,610 bytes c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\Serveur.exe size: 26,491 bytes c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\vock.exe size: 66,536 bytes c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\xhacked.vbs size: 770 bytes port: 2200 TCP added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "wextract_cleanup0" data: rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\%user%\LOCALS~1\Temp\IXP000.TMP\" tested on Windows 2000 December 21, 2006MegaSecurity