by ?
dropped file:
c:\WINDOWS\system32\drivers\etc\hosts

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RA32HELL\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ra32hell
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RA32HELL\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ra32hell
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies "DisableRegistryTools" data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies "DisableRegistryTools" data: 00, 00, 00, 00

port: 8982 TCP

attempts to connect to an IRC Server

tested on Windows XP
March 31, 2006

MegaSecurity