Date Discovered: 2/2/2004
Date Added: 2/20/2004
Origin: Unknown
Length: 7680
Type: Trojan
SubType: Downloader
Detection was added to cover for a 32 bit binary PE file having a filesize of 7680 bytes. The file is internally compressed with upx. The filenames are variable and may include names that are very close to regular system files, for example, but not limited to, "taskmon.exe" and /or "system.exe".
When run on for example a win2000 system, it runs silenly, no gui messageboxes appear. It removes itself from the location it was initially run from and moves itself to the %win\%system directory such as c:\winnt\system\taskmon.exe.
The taskmon process is visible in the Windows Task Manager process tab as taskmon.exe. The process can be killed manually.
It makes changes to the registry to load itself automatically at startup: HKCU\Software\Microsoft\Windows\CurrentVersion\Run , with, in this case:
Name : System Update
Data : c:\winnt\system\taskmon.exe
Note: VirusScan not only kills the malicious Process but also removes the File and removes the added Registry link Automatically.
When running, it tries to connect to certain websites, the exact addresses omitted on purpose here.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101039

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic