by ?
Written in Borland C++, compressed with PE-Pack
dropped files:
c:\WINDOWS\NETDDT.EXE
size: 32.256 bytes
c:\WINDOWS\wininit.ini
size: 102 bytes
c:\WINDOWS\system\CMMOD32.EXE
size: 32.256 bytes

value wininit.ini:
[rename]
nul=C:\WINDOWS\NETDDT.EXE
C:\WINDOWS\NETDDT.EXE=C:\DOCUME~1\KOBAYA~1\Desktop\BACKDO~2.EXE

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"(Default)"
data: CMMOD32.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"
old data: Explorer.exe
new data: explorer.exe NETDDT.EXE

tested on Windows XP
December 28, 2004
MegaSecurity