FeaR 0.2.1
(Backdoor.Win32.Feardoor.021 for Client)
(Backdoor.Win32.Feardoor.020 for skincreator)
(Backdoor.Win32.Feardor.10 for agent.exe)

by SNiPER

Written in Visual Basic, compressed with UPX

Released in June 2004

Made in Germany


Server:
dropped file:
c:\WINDOWS\windoof.exe
size: 58,423 bytes 

port: 1212, 1213, 1214, 1215 TCP

startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinLogonApplication"
data: C:\WINDOWS\windoof.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "WinLogonApplication"
data: C:\WINDOWS\windoof.exe 



tested on Windows XP
February 10, 2005

MegaSecurity