by ?
Written in Borland C++, compressed with ASPack
Released in December 2001
dropped file: C:\WINDOWS\SCANREGW.EXE size: 231.936 bytes port: 113 TCP startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run original SCANREGW.EXE is replaced by server The text string "War Gibbon v0.60C [DeRS Edition]" can be found in the executable.MegaSecurity