by The Neptic
Written in Delphi, compressed with UPX
Released in August 2004
Made in Russia
Server: dropped files: c:\WINNT\leass.exe Size: 273 920 bytes c:\WINNT\system\s32event.dll Size: 10 240 bytes c:\WINNT\system32\msscan.exe Size: 273 920 bytes c:\WINNT\system32\notes.txt Size: 273 920 bytes c:\WINNT\system32\swchost.exe Size: 273 920 bytes port: 57 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe leass.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: C:\WINNT\system32\msscan.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Laas" data: C:\WINNT\leass.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "M$Two" data: C:\WINNT\system32\msscan.exe tested on Win2000 February 14, 2005MegaSecurity