by Ali Moazemi
Written in Visual Basic
Released in September 2008
Server Dropped Files: c:\WINDOWS\system32\taskmr.exe Size: 59,967 bytes c:\WINDOWS\WinSxS\csrss.exe Size: 49,152 bytes Added to Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\htusd "ImagePath" Data: C:\WINDOWS\WinSxS\csrss.exe /service HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stusd "ImagePath" Data: taskmr.exe /service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\htusd "ImagePath" Data: C:\WINDOWS\WinSxS\csrss.exe /service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stusd "ImagePath" Data: taskmr.exe /service Tested on Windows XP September 24, 2008MegaSecurity