Allmachtig
(Not detected by KAV on August 05, 2006)

by ?

c

Released in December 2005





dropped files:
c:\Documents and Settings\All Users\Documents\bat.bat     Size: 408 bytes 
c:\Documents and Settings\All Users\Documents\CSRSS.exe   Size: 103,936 bytes 
c:\Documents and Settings\All Users\Documents\end.bat     Size: 274 bytes 
c:\Documents and Settings\All Users\Documents\ftp2.bat    Size: 1,148 bytes 
c:\WINDOWS\Temp\Perflib_Perfdata_28c.dat                  Size: 16,384 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "*!system"
data: C:\Docume~1\AllUse~1\Docume~1\CSRSS.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDPWD\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDTCP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDPWD\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDTCP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP\Enum



tested on Windows XP
December 29, 2005

MegaSecurity