Towerman 2007 A
(Trojan-Spy.Win32.Delf.uc)
(Backdoor.Win32.Hupigon.dayh for plugin.dll)
(Backdoor.Win32.GrayBird.bh for hideme.dll)

by ?

Written in Delphi

Released in January 2007

Made in China

more versions

 


Server
dropped file:
c:\WINDOWS\system32\trkwkssw.dll
size: 151,040 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TrkWks


tested on Windows XP
March 31, 2007
MegaSecurity