by ?
Written in Visual Basic, compressed with ASPack
Released in February 2003
Made in China
Server: dropped files: c:\WINDOWS\SYSTEM\Ip.dat size: 13 bytes c:\WINDOWS\SYSTEM\RunMe.bat size: 190 bytes c:\WINDOWS\SYSTEM\Windll.exe size: 39.936 bytes port: 8623 TCP startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Windll" data: C:\WINDOWS\SYSTEM\WINDLL.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "KavRuns" data: C:\WINDOWS\SYSTEM\WINDLL.exe tested on win98