Backdoor.Win32.VB.gz
(Backdoor.Win32.VB.gz)

by Maroto (?)

Original name not available

Written in Visual Basic

Probably made in Brazil

more in this category 


dropped file:
c:\WINDOWS\system32\explorer.exe
size: 110,592 bytes 

port: 701 TCP

startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: C:\WINDOWS\System32\explorer.exe %1 %* 




tested on Windows XP
June 27, 2005
MegaSecurity