by huaxingin & tengzhenin
Written in Delphi
Released in April 2001
Made in China
Client:
size: 491.520 bytes
port: 2101, 2222 TCP
Servers:
c:\WINDOWS\TEMP\RunDll.exe
c:\WINDOWS\SYSTEM\GIRL.EXE
size: 246.272 bytes
port: 6711, 1133, 1183, 8311 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "(Default)"
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system "DisableRegistryTools"
added files:
c:\WINDOWS\SYSTEM\WinPlayer.EXE
c:\WINDOWS\SYSTEMdesktop.ini
c:\WINDOWS\TEMP\desktop.ini
c:\WINDOWS\SYSTEMfolder.htt
MegaSecurity