by OnuR
Written in Dev-C++, Source included
Released in October 2007
Server

Dropped Files:

c:\WINDOWS\system32\joiner.exe
Size: 178,091 bytes

c:\WINDOWS\system32\jusched.exe
Size: 167,802 bytes

c:\WINDOWS\system32\dll\svchost.exe
Size: 178,091 bytes

Port: 2534 TCP

Added to Registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableRegistryTools"
Data: 01, 00, 00, 00

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr"
Data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Generic Host Process for Win32 Services"
Data: (data too large: 260 bytes)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Java-Application Manager"
Data: (data too large: 260 bytes)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"
Data: 00, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"
Data: 00, 00, 00, 00

Tested on Windows XP
October 15, 2007

MegaSecurity