by Sma Soft
Written in Delphi
Released in May 2006
Made in Iran
Sma Soft Server: dropped files: c:\WINDOWS\WinMsgLoader.exe Size: 310,272 bytes c:\WINDOWS\system32\LoginCMD.exe Size: 6,144 bytes c:\WINDOWS\system32\YMSG12ENCRYPT.dll Size: 46,080 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinMsgLoader" data: C:\WINDOWS\WinMsgLoader.exe tested on Windows XP May 09, 2006MegaSecurity