JPS 1.3
(Not detected by KAV on May 28, 2006)

by Veyskarami

Written in Visual Basic

Released in January 2005

Made in The Middle East

more versions 


SEND YAHOO PASSWORDS (5,6,7)
SEND DIAL-UP PASSWORDS
SEND IP
SEND COMPUTER NAME
SEND WIN USER NAME
SEND OS NAME
DISABLE WIN FIREWALL
DISABLE Y!SAVE PASSWORD
DISABLE REGEDIT
DISABLE MS CONFIG
DISABLE TASK MANAGER
DISABLE GROUP POLICY
DISABLE NORTON ANTIVIRUS
DISABLE MACAFEE ANTIVIRUS
DISABLE MESSAGE ARCHIVE
HIDE IN TASKMANAGER & PROCESS
ENABLE REMOTE DESKTOP
CLEAR BIOS PASSWORD
TURN OFF MONITOR
LOCK & HIDE ALL DRIVES IN WINDOWS
AUTO STARTUP SERVER
DISPLAY FAKE ERROR
CHANGE DEFAULT  & CUSTOM ICONS

ARASH VEYSKARAMI


Server:
dropped files:
c:\clear.com                   Size: 12 bytes 
c:\WINDOWS\YMagic.dll          Size: 11,828 bytes 
c:\WINDOWS\system32\YMagic.dll Size: 11,828 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDrives" 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoViewOnDrive" 

	
tested on Windows XP
April 24, 2006
MegaSecurity