by ?
Written in C
dropped files:
c:\WINDOWS\system32\wthunk32.dll size: 15.360 bytes
c:\WINDOWS\system32\wtsysl.dll size: 0 bytes
added to registry:
HKEY_USERS\S-1-5-21-789336058-1957994488-1060284298-1003_Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32
HKEY_CURRENT_USER\Software\Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler "{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"
data: OLE Automation Module
tested on Windows XP
december 22, 2004
MegaSecurity