by M.Y.
Written in Visual Basic
Released in January 2005
Made in Iran
Server:
dropped files:
c:\WINDOWS\system32\fixapi.exe Size: 90,480 bytes
c:\WINDOWS\system32\rsn.exe Size: 90,480 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} "StubPath"
data: c:\windows\system32\fixapi.exe
tested on Windows XP
September 28, 2005
MegaSecurity