by ?
Released in October 2006
Server: dropped files: c:\WINDOWS\system\Harry.exe Size: 19,995 bytes c:\WINDOWS\Magic.exe Size: 19,995 bytes c:\WINDOWS\msmdm.exe Size: 159,295 bytes c:\WINDOWS\porter.exe Size: 19,995 bytes port: 584 TCP added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Harry" data: C:\WINDOWS\system\Harry.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Magic" data: C:\WINDOWS\Magic.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msmdm" data: C:\WINDOWS\msmdm.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "porter" data: C:\WINDOWS\porter.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system "DisableRegistryTools" data: 01, 00, 00, 00 attempts to connect to an IRC Server tested on Windows XP October 21, 2006MegaSecurity