by ?
Written in Visual Basic
dropped file: %local dir%\sh.bat size: 715 bytes port: 113, 45290 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Memory Function" attempts to connect to an IRC Server tested on Windows XP July 12, 2005MegaSecurity