by ?
Backdoor.Win32.Dumador.g

port: 1000, 1001, 2283 TCP

dropped files:
c:\Documents and Settings\%user%\Start Menu\Programs\Startup\rundllw.exe
    size: 24,600 bytes
c:\WINDOWS\dllreg.exe
    size: 24,600 bytes
c:\WINDOWS\guid32.dll (Trojan-Spy.Win32.SilentLog.a)
    size: 4,096 bytes
c:\WINDOWS\rundllx.sys
    size: 26 bytes
c:\WINDOWS\system32\load32.exe
    size: 24,600 bytes
c:\WINDOWS\system32\vxdmgr32.exe
    size: 24,600 bytes

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
    Old data: Explorer.exe
    New data: explorer.exe C:\WINDOWS\System32\vxdmgr32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
    Data: C:\WINDOWS\dllreg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "load32"

tested on Windows XP
February 09, 2005

MegaSecurity