by Leo
Written in Visual Basic
Released in June 2005
Server:
dropped files:
c:\WINDOWS\Downloaded Program Files\smss.exe
size: 21,106 bytes
c:\WINDOWS\Downloaded Program Files\svchost.exe
size: 3,232 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} "StubPath"
data: C:\WINDOWS\Downloaded Program Files\svchost.exe
tested on Windows XP
July 01, 2005
MegaSecurity