by Darksky
Written in Visual C++
Released in July 2002
Made in China
Server Dropped files: c:\WINNT\system32\KNREL32.exe size: 16.896 bytes c:\WINNT\system32\notepade.exe size: 16.896 bytes c:\WINNT\system32\SysArchive.exe size: 16.896 bytes port: 5419 TCP startup: HKEY_CLASSES_ROOT\.txt\shell\open\command "(Default)" data: C:\WINNT\system32\notepade.exe %1 ���� ��wx �! D��w h;/ P� �w � � �! X�\|�3�w�� HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SysArchive" data: SysArchive.exe 5418 HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" old data: "%1" %* new data: C:\WINNT\system32\KNREL32.exe "%1" %* �w t x x x @ HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" old data: %SystemRoot%\system32\NOTEPAD.EXE %1 new data: C:\WINNT\system32\notepade.exe %1 ���� ��wx �! D��w h;/ P� �w � � �! X�\|�3�w�� tested on Win2000MegaSecurity