Protoss 1.6
(Backdoor.Win32.Zerg.16)

by Shanghai Kid / SeekInRain

Client written in Visual C++

Server written in Visual Basic

Released in April 2001

Made in China

more versions 


Server:
c:\windows\mstask.exe 

size: 64 KB

port: 1115, 12321 TCP
      12321 UDP          

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices 

added:
HKLM\Software\Microsoft\Windows\CurrentVersion "Signed" 
type: REG_SZ 
data: c:\windows\mstask.exe
MegaSecurity