by Mines the Sun
aka Black Star
Made in China
Released in January 2000
Client:
port: 10000, 20000 TCP
Server:
C:\WINDOWS\SYSTEM\Internet.exe
C:\WINDOWS\SYSTEM\uaiia.exe
C:\WINDOWS\Explore.exe
C:\WINDOWS\RegEdit.exe
original C:\WINDOWS\RegEdit.exe is replaced
C:\WINDOWS\WINHLP32.EXE
original C:\WINDOWS\WINHLP32.EXE is replaced
size: 144.347 bytes
port: 7648, 3215 TCP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Internet.exe"
HKCR\txtfile\shell\open\command "(Default)"
c:\windows\win.ini "run"
MegaSecurity