Yakoza 2.0
(Trojan-Spy.Win32.Yazoka.h)
(Trojan-Spy.Win32.VB.ry)

by Ali Moazemi

Released in June 2007

Made in Iran

more versions 


Server:
c:\WINDOWS\system32\regsvr.exe
Size: 23,719 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
Old data: Explorer.exe 
New data: explorer.exe C:\WINDOWS\System32/regsvr.exe 


Tested on Windows XP
November 16, 2007
MegaSecurity