by Toxic_Frog
Written in Visual Basic
Released in February 2005
Server:

dropped file:
c:\WINDOWS\SVCHOST.EXE
size: 10,215 bytes

added to registry:

HKEY_USERS\S-1-5-21-789336058-1957994488-1060284298-1003_Classes\exefile\DefaultIcon
"(Default)"
data: %1

HKEY_USERS\S-1-5-21-789336058-1957994488-1060284298-1003_Classes\exefile\Shell\Open\Command
"(Default)"
data: C:\WINDOWS\SVCHOST.EXE %1 %*

HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
"(Default)"
data: %1

HKEY_CURRENT_USER\Software\Classes\exefile\Shell\Open\Command
"(Default)"
data: C:\WINDOWS\SVCHOST.EXE %1 %*

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
"DisableRegistryTools"
data: 01, 00, 00, 00

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
"DisableTaskMgr"
data: 01, 00, 00, 00

HKEY_CLASSES_ROOT\exefile\shell\open\command
"(Default)"
old data: "%1" %*
new data: C:\WINDOWS\SVCHOST.EXE %1 %*

tested on Windows XP
September 10, 2005

MegaSecurity