by Tataye
Successor of Ulysses
Written in Delphi
Made in Rumania
Server:
dropped files:
c:\WINDOWS\dxdgns.dll size: 127,307 bytes
c:\WINDOWS\msagent\msfjvr.com size: 81,920 bytes
c:\WINDOWS\system32\coty.blf size: 94 bytes
c:\WINDOWS\system32\mscoty size: 3 bytes
c:\WINDOWS\system32\mscoty.com size: 81,920 bytes
port: 80 TCP
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "COM Service"
data: C:\WINDOWS\msagent\msfjvr.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44CC0112-AB51-22EF-BA32-20AA12E6115C} "StubPath"
data: C:\WINDOWS\System32\mscoty.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "COM Service"
data: C:\WINDOWS\msagent\msfjvr.com
tested on Windows XP
January 23, 2005
MegaSecurity