>
|
>
|
by Destruktor
Written in Delphi
Released in August 2005
Made in Poland
| >
|
| >
|
Server:
dropped files:
c:\WINDOWS\rozruch.exe Size: 40,448 bytes
c:\WINDOWS\shost32.exe Size: 833,135 bytes
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "(Default)"
data: C:\WINDOWS\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "shost32.exe"
data: C:\WINDOWS\shost32.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List "C:\Documents and Settings\Kobayashi\Desktop\dest22\game.exe"
data: C:\Documents and Settings\%user%\Desktop\dest22\game.exe:*:Enabled:Us�uga systemowa
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum "0"
data: SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List "C:\Documents and Settings\Kobayashi\Desktop\dest22\game.exe"
data: C:\Documents and Settings\%user%\Desktop\dest22\game.exe:*:Enabled:Us�uga systemowa
tested on Windows XP
September 07, 2005
MegaSecurity