Technical Information
- %WINDIR%\WIN.INI
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\c[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\c[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\c[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\c[1].php
- %WINDIR%\win.ini
- from <Full path to virus> to %TEMP%\114.txt
- 'li##.577q.com':80
- 'localhost':1036
- li##.577q.com/sms/c.php?pa###########
- DNS ASK li##.577q.com