Demon-Ps 2.7
(Trojan.Win32.Genome.hcv)
(Trojan-PSW.Win32.VB.op for Server)

by Masoud Azimi

Written in Visual Basic

Released in March 2008

Made in Iran

Server
Dropped Files:
c:\WINDOWS\system32\ball.exe                 Size: 73,728 bytes 
c:\WINDOWS\system32\i.txt                    Size: 313 bytes 
c:\WINDOWS\system32\S.BAT                    Size: 66 bytes 
c:\WINDOWS\system32\config\he.txt            Size: 222 bytes 
c:\WINDOWS\system32\config\sysrestore.exe    Size: 73,728 bytes 	

Added to Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "(Default)"
Data: C:\WINDOWS\system32\config\sysrestore.exe -s 
	
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
Data: Explorer.exe C:\WINDOWS\system32\ball.exe -s 	
	
	
	
Tested on Windows XP
September 23, 2008

MegaSecurity