by Warning Security Team
Released in November 2007
Made in China
Server Dropped File: c:\WINDOWS\system32\drivers\svchost.exe Size: 10,641 bytes Added to Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv "ImagePath" Old data: %systemroot%\system32\svchost.exe -k netsvcs New data: %SystemRoot%\system32\drivers\svchost.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv "ImagePath" Old data: %systemroot%\system32\svchost.exe -k netsvcs New data: %SystemRoot%\system32\drivers\svchost.exe Tested on Windows XP December 27, 2007MegaSecurity