by ?
Written in Delphi, compressed with UPX
Released in May 2005
Made in China
Server: dropped files: c:\WINDOWS\Help\winddonnsgbots.hlp Size: 55,296 bytes c:\WINDOWS\system32\tdongsdbot.exe Size: 55,296 bytes added to registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDONGBOT\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdongbot HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDONGBOT HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdongbot tested on Windows XP January 15, 2006MegaSecurity