by Vallani
Written in Delphi
Released in August 2006
Server:

dropped files:
c:\WINDOWS\ime\chsime\applets\helpctr.reg Size: 949 bytes
c:\WINDOWS\ime\chsime\applets\helpfile.cmd Size: 65 bytes
c:\WINDOWS\ime\chsime\applets\qcrvk32.exe Size: 475,136 bytes
c:\WINDOWS\java\classes\launch.cmd Size: 501 bytes
c:\WINDOWS\system32\setup_$h135496.exe Size: 475,136 bytes

added to registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
data: 1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Services"
data: C:\WINDOWS\ime\chsime\applets\qcrvk32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "svchost"
data: C:\WINDOWS\ime\chsime\applets\qcrvk32.exe

HKEY_CLASSES_ROOT\cmdfile\shell\open\command "(Default)"
old data: "%1" %*
new data: C:\WINDOWS\ime\chsime\applets\qcrvk32.exe

HKEY_CLASSES_ROOT\comfile\shell\open\command "(Default)"
old data: "%1" %*
new data: C:\WINDOWS\java\classes\launch.cmd "%1" %*

HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %*
new data: C:\WINDOWS\java\classes\launch.cmd "%1" %*

HKEY_CLASSES_ROOT\regfile\shell\open\command "(Default)"
old data: regedit.exe "%1"
new data: C:\WINDOWS\ime\chsime\applets\qcrvk32.exe

tested on Windows XP
October 10, 2006
MegaSecurity