by The Neptic
Written in Delphi, compressed with UPX
Made in Russia
Server:
dropped file: c:\WINDOWS\system32\svchost.pif
size: 240,128 bytes
port: 57 TCP
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: Explorer.exe svchost.pif
tested on Windows XP
April 16, 2005
MegaSecurity