Technical Information (indicators observed during analysis: registry changes, process names, third-party application registry keys, created files, contacted hosts, DNS queries and window classes searched for)
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '"<Full path to virus>" -a "%PROGRAM_FILES%\Internet Explorer\iexplore.exe"' — the Start Menu "Internet" launcher for Internet Explorer is redirected to the malware binary, with the real iexplore.exe path passed as an argument (presumably so the malware can start the browser itself and remain resident; confirm from the sample). Restore this value to the original iexplore.exe path during cleanup.
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
  Note: 'EnableFirewall' = 0 turns the Windows Firewall off for both the Domain and Standard profiles, 'DoNotAllowExceptions' = 0 keeps exception rules permitted, and 'DisableNotifications' = 1 suppresses the firewall's user notifications. The values are written under ControlSet001; when checking a live host, also inspect CurrentControlSet (it may map to a different control set) and re-enable the firewall after removal.
- Windows Security Center
- chrome.exe
- opera.exe
- iexplore.exe
- firefox.exe
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Options]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Options]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Main]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Main]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\Software\CoffeeCup Software\Internet\Profiles]
- [<HKCU>\Software\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Far2\Plugins\FTP\Hosts]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP\3]
- [<HKCU>\Software\FlashFXP\3]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
  Note: these are the configuration, site-list and connection-history keys of FTP clients and file managers (BulletProof FTP, FlashFXP, WebDrive, Core FTP, FFFTP, CoffeeCup, FAR FTP plugin, Windows/Total Commander). The listing does not state what is done with them, but such keys are where saved FTP hosts and credentials live; if the host was infected, treat any FTP credentials stored in these applications as compromised and rotate them.
- %HOMEPATH%\Templates\vva.exe
- %HOMEPATH%\Templates\pjo.exe
- %HOMEPATH%\Templates\yoe.exe
- %TEMP%\fwv.exe
- %TEMP%\ace.exe
- %TEMP%\rfe.exe
- %ALLUSERSPROFILE%\Application Data\75j4dg8hlt7
- %TEMP%\75j4dg8hlt7
- %HOMEPATH%\Templates\75j4dg8hlt7
- %HOMEPATH%\Templates\mxf.exe
- %HOMEPATH%\Templates\jqy.exe
- <LS_APPDATA>\75j4dg8hlt7
- <LS_APPDATA>\uha.exe
- <LS_APPDATA>\tll.exe
- %ALLUSERSPROFILE%\Application Data\oqy.exe
- <LS_APPDATA>\sbx.exe
- <LS_APPDATA>\oql.exe
- <LS_APPDATA>\gsk.exe
- %ALLUSERSPROFILE%\Application Data\qbk.exe
- %TEMP%\els.exe
- %TEMP%\ioe.exe
- %ALLUSERSPROFILE%\Application Data\avd.exe
- %ALLUSERSPROFILE%\Application Data\tvl.exe
- %ALLUSERSPROFILE%\Application Data\dor.exe
  Note: the three-letter .exe names vary between runs and look randomly generated, so exact file names are weak indicators; the directories used (%TEMP%, %HOMEPATH%\Templates, %ALLUSERSPROFILE%\Application Data, the local application-data folder denoted <LS_APPDATA>) and the recurring name '75j4dg8hlt7' are the more useful artefacts to hunt for.
- 'pi####caciqil.com':80
- 'wu###osux.com':80
- 'ly####wotucoh.com':80
- 'zy####movyxy.com':80
- 'xa###iwehiw.com':80
- 'ne###ezyjih.com':80
- 'wa###opani.com':80
- 'ro####zanasi.com':80
- 've###utuk.com':80
- 'da###ufigaj.com':80
- 'fi####gymeba.com':80
- 'na####hohuly.com':80
- 'lo####hosywaw.com':80
- 'pe###ukos.com':80
- 'hi###umala.com':80
- 'cy####jyvidiwi.com':80
- 'va###uzozuq.com':80
- 'dy####gymasasu.com':80
- 'le####bunosu.com':80
- 'pu####pageta.com':80
- 'xo####fehonog.com':80
- 'ma####noralibu.com':80
- 'co###irebu.com':80
- 'za####dixahok.com':80
- 'ny####wafyfa.com':80
- 'ku###idewar.com':80
- 'mu###ahyxar.com':80
- 'xy###yquk.com':80
- 'di####jubeka.com':80
- 'zo####kimewut.com':80
- 'xe####wunikyle.com':80
- xo####fehonog.com/
  Note: all connections go to TCP port 80 (plain HTTP), and the domain names are deliberately masked with '#' in this listing, so they cannot be copied into a blocklist as-is; use them to recognise the pattern (pseudo-random .com labels, which may indicate generated domains — confirm from the sample) and correlate against proxy/DNS logs. Only one host (xo####fehonog.com) is shown with a request path, the root '/'.
- DNS ASK ly####wotucoh.com
- DNS ASK wu###osux.com
- DNS ASK lo####hosywaw.com
- DNS ASK ro####zanasi.com
- DNS ASK wa###opani.com
- DNS ASK ne###ezyjih.com
- DNS ASK pi####caciqil.com
- DNS ASK zy####movyxy.com
- DNS ASK fi####gymeba.com
- DNS ASK da###ufigaj.com
- DNS ASK wu###omovom.com
- DNS ASK xe####kawuhady.com
- DNS ASK hi###umala.com
- DNS ASK pe###ukos.com
- DNS ASK ve###utuk.com
- DNS ASK na####hohuly.com
- DNS ASK xa###iwehiw.com
- DNS ASK dy####gymasasu.com
- DNS ASK va###uzozuq.com
- DNS ASK za####dixahok.com
- DNS ASK le####bunosu.com
- DNS ASK ma####noralibu.com
- DNS ASK xo####fehonog.com
- DNS ASK pu####pageta.com
- DNS ASK co###irebu.com
- DNS ASK ku###idewar.com
- DNS ASK ny####wafyfa.com
- DNS ASK cy####jyvidiwi.com
- DNS ASK mu###ahyxar.com
- DNS ASK zo####kimewut.com
- DNS ASK di####jubeka.com
- DNS ASK xy###yquk.com
- DNS ASK xe####wunikyle.com
  Note: two of the queried names, wu###omovom.com and xe####kawuhady.com, have no matching entry in the connection list above, which is consistent with lookups that did not resolve or were not followed by a connection during analysis; DNS query logs may therefore show more of this family's domains than network-connection logs do.
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'msascui_class' WindowName: ''
  Note: 'Shell_TrayWnd' is the window class of the Windows taskbar and 'msascui_class' is the window class used by the Windows Defender / Microsoft Security Client user interface; the listing shows only that these windows are searched for, not what is done once found (presumably to detect or hide from the security UI — confirm from the sample).