by ?
Written in C
dropped files: c:\WINDOWS\system32\child.dll (Backdoor.Thunk.e) size: 8.192 bytes added to registry: HKEY_USERS\S-1-5-21-789336058-1957994488-1060284298-1003_Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32 HKEY_CURRENT_USER\Software\Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32 HKEY_CLASSES_ROOT\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler "{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}" data: OLE Automation Module tested on Windows XP december 22, 2004MegaSecurity