by ?
dropped files:
c:\WINDOWS\system32\owxigcum\csrss.dat Size: 276 bytes
c:\WINDOWS\system32\owxigcum\csrss.exe Size: 112,970 bytes
c:\WINDOWS\system32\owxigcum\csrss.ini Size: 83 bytes
c:\WINDOWS\system32\drivers\etc\hosts

deleted file:
c:\WINDOWS\system32\Restore\MachineGuid.txt

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
data: 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoAdminPage"
data: 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "csrss"
data:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: C:\WINDOWS\System32\owxigcum\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "csrss"
data:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
old data:
new data: C:\WINDOWS\System32\owxigcum\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR"
old data: 00, 00, 00, 00
new data: 01, 00, 00, 00

tested on Windows XP
March 03, 2006
MegaSecurity