by DFG 2002
Written in Delphi, packed / encrypted with tElock
Server:
dropped files:
c:\WINDOWS\SYSTEM\DirectX3D.exe Size: 199.168 bytes
c:\WINDOWS\SYSTEM\msgsrv16.exe Size: 199.168 bytes

port: 12340 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "DirectX 3D Service"
data: DirectX3D.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "server.EXE"
data: server.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "MSGSRV16.EXE"
data: MSGSRV16.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Service386Shell"
data: msgsrv16.exe

tested on Windows 98
March 17, 2006
MegaSecurity