by ?
Written in Delphi
Released in March 2007
Made in China
Server dropped files:
c:\WINDOWS\system32\syst.dll size: 241,664 bytes

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc "ImagePath"
new data: C:\WINDOWS\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc "Type"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Parameters "ServiceDll"
new data: C:\WINDOWS\System32\syst.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent "(Default)"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSVC\0000 "ConfigFlags"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc "ImagePath"
new data: C:\WINDOWS\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc "Type"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Parameters "ServiceDll"

tested on Windows XP
March 23, 2007
MegaSecurity