Vicky avi
(Backdoor.IRC.Kelebek.aa)
(not-a-virus:Client-IRC.Win32.mIRC.602)
(not-a-virus:AdWare.Win32.EShoper.bd)

by ?

Released in March 2004

dropped files:
c:\Program Files\Sexy-Vicky\Vicky\porn.avi  size: 614.400 bytes 
c:\WINDOWS\system32\fixm1.dll               size: 46.795 bytes 
c:\WINDOWS\system32\KB823182012.log         size: 10.474 bytes 
c:\WINDOWS\system32\KB823182013.log         size: 20.468 bytes 
c:\WINDOWS\system32\log.vdx                 size: 1.522 bytes 
c:\WINDOWS\system32\secure.txt              size: 0 bytes 
c:\WINDOWS\system32\Secw32.exe              size: 2 bytes 
c:\WINDOWS\system32\Sys132.dll              size: 250 bytes 
c:\WINDOWS\system32\systemu.vxd             size: 221 bytes 
c:\WINDOWS\system32\TEMP.MVR                size: 3.456 bytes 
c:\WINDOWS\system32\UdpV1.dll               size: 40.960 bytes 
c:\WINDOWS\system32\WlnFs.exe               size: 3.689 bytes 
c:\WINDOWS\system32\Wlogk1.exe              size: 40 bytes 
c:\WINDOWS\system32\zvchost.exe             size: 656.387 bytes 

port: 1036 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows"
data: C:\WINDOWS\System32\zvchost.exe 

HKEY_CLASSES_ROOT\ChatFile\DefaultIcon
HKEY_CLASSES_ROOT\ChatFile\Shell\open\command
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Application
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\ifexec
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Topic

HKEY_CLASSES_ROOT\irc\DefaultIcon
HKEY_CLASSES_ROOT\irc\Shell\open\command
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Application
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\ifexec
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Topic

tested on Windows XP
December 19, 2004

MegaSecurity