Virus Information
Discovery Date: 02/20/2004
Origin: Unknown
Length: 42,496
Type: Virus
SubType: Open Share Worm
This variant of the worm contains network sharing, backdoor and password stealing capabilities.
When run, the worm copies itself to the Windows System directory (%SYSDIR%) using a random file name. It creates the following registry key in order to load itself at Windows startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "random string" = "%SYSDIR%\(random filename).exe"
The worm periodically connects to the following website on port 2334:
www.melaniecarroll.biz
The port is left open for remote access, where the following functions may be performed:
Read more: http://vil.nai.com/vil/content/v_101041.htm

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic