by TGA
Written in Delphi
Released in January 2006
Made in Brazil
Server:
dropped file:
c:\WINDOWS\system\smss.exe
size: 271,393 bytes
port: 6666, 29559, 456, 741 TCP

added to registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"
old data: Explorer.exe
new data: Explorer.exe, C:\WINDOWS\system\smss.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"AntiVirusDisableNotify"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"AntiVirusOverride"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"FirewallDisableNotify"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"FirewallOverride"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"FirstRunDisabled"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"UpdatesDisableNotify"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"Enablefirewall"
data: 00, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions"
data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"Enablefirewall"
data: 00, 00, 00, 00

tested on Windows XP
February 10, 2006
MegaSecurity