Type: Worm
Size: 19456 Byte
System Affected: Windows 2000,XP,NT,....
Characteristics :
1) Creates the following registry keys :
◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Matri-x27 = FooVA28.EXE
◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Matri-x28 = FooVA28.EXE
◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\MatriX28 = FooVA28.EXE
◊ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemC32 = FooVa28.exe
◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\MatriX28 = FooVA28.EXE
2) Create the following files :
◊ %system%\ZAN72
◊ %system%\SEXY-Dir.exe
◊ %system%\Teens69.dll
◊ %WINDOWS%\Sara16.exe
◊ %WINDOWS%\Aminsw64.dll
◊ %WINDOWS%\Tbsdas.bmp
◊ %WINDOWS%\Yteew32.bat
◊ %WINDOWS%\Iran.mp3
◊ %WINDOWS%\Sara16.exe
◊ %root%\FooVA28.exe