By Stan
Written in Visual C++
Server: dropped file: c:\WINDOWS\system32\iexpIore.exe size: 51.194 bytes port: 6667 TCP startup: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: iexpIore.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Default web browser "StubPath" data: C:\WINDOWS\System32\iexpIore.exe ASC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Default web browser" data: C:\WINDOWS\System32\iexpIore.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Default web browser" data: C:\WINDOWS\System32\iexpIore.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" data: iexpIore.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: explorer.exe iexpIore.exe tested on Windows XP December 13, 2004MegaSecurity