Released in May 2004

Written in Visual Basic

Server:
dropped files:
c:\WINDOWS\inf\mdmsmart.exe          Size: 7,008 bytes 
c:\WINDOWS\Resources2\svchost.exe    Size: 33,799 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "(Default)"
data: 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} "StubPath"
data: C:\WINDOWS\inf\mdmsmart.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help "syslnfo.hlp"
data: C:\WINDOWS\Resources2\svchost.exe 


tested on Windows XP
June 22, 2006