Type: Worm
Size: 18944 Byte
System Affected: Windows 2000,XP,NT,....

Characteristics :

1) Creates the following registry keys :

◊ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemC32 = FooVa29.exe


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Matri-x29 = FooVA29.EXE


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\MatriX29 = FooVA29.EXE


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\FooVA29 = FooVA29.EXE

◊ %system%\ZAN72
◊ %system%\SEXY-Dir.exe
◊ %system%\Teens69.dll
◊ %WINDOWS%\Sara16.exe
◊ %WINDOWS%\Aminsw64.dll
◊ %WINDOWS%\Tbsdas.bmp
◊ %WINDOWS%\Yteew32.bat
◊ %WINDOWS%\Iran.mp3
◊ %root%\FooVA29.exe