Technical Information
- [<HKLM>\SOFTWARE\Classes\movier\shell\open\command] '' = '"<Full path to virus>" "/Link:%1"'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\adtag[1].php
- %TEMP%\1261.tmp
- %APPDATA%\Movier\movier.xml
- 'ad#.#ovier.tv':80
- 'localhost':1037
- 'www.mo##er.tv':80
- ad#.#ovier.tv/adtag.php?l=###########
- www.mo##er.tv/checkversion/?v=#############
- www.mo##er.tv/checkdbversion/?v=###
- DNS ASK ad#.#ovier.tv
- DNS ASK www.mo##er.tv
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''