Written in Visual Basic, compressed with UPX

Released in May 2005

Made in China

Server:
dropped files:
c:\WINNT\system32\tj_pp.dll    Size: 24,576 bytes 
c:\WINNT\system32\tjppdd.exe   Size: 45,056 byte

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "tjpp"
data: tjppdd.exe tjpp %s\tj_pp.dll DLL %s\tjppdd.exe hkOnlyOne kernel32.dll RegisterServiceProcess tj_pp.dll InstallHook P ? ???????? 



tested on Windows 2000
September 05, 2005