|
by TiGeR - Man
Released in June 2006
|
|
Server: dropped file: c:\WINDOWS\SVHOST.EXE size: 86,720 bytes startup: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: SVHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe SVHOST.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" new data: SVHOST.EXE tested on Windows XP June 25, 2006MegaSecurity