by Zhou Jian
Written in Delphi
Released in January 2008
Made in China
Server Dropped File: c:\WINDOWS\system32\ZRundlll.exe Size: 282,006 bytes Startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ZRundlll\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZRundlll\Security Tested on Windows XP March 07, 2008MegaSecurity