I forwarded the files I found to neohapsis and securityfocus. I'm not equipped with the knowledge to disassemble the code hopefully they can shed some light.
The rpctest.exe appears to determine the remote system's OS and spawns a shell, which you can then telnet to. Tftpd.exe is this tftp server : http://www.hanewin.de/e-tftp.htm Worm.exe is a SFX that has rpc.exe tftpd.exe and rpctest.exe in them, extracts and launches them.... -Dave Hopper
smime.p7s
Description: S/MIME cryptographic signature
