Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Virus name>' = '"<Full path to virus>"'
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\alg.exe
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\smss.exe
- System
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\services.exe
- <SYSTEM32>\winlogon.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\client[1].html
- <Full path to virus>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\client[1].html
- '94.##0.191.201':25
- 'we###lper.at':80
- 'www.wh###smyip.org':80
- 'sm##.gmail.com':25
- 'sm##.live.com':25
- '67.##5.160.76':25
- www.wh###smyip.org/
- we###lper.at/client.html?qu#######
- DNS ASK sm##.mail.ru
- DNS ASK we###lper.at
- DNS ASK www.wh###smyip.org
- DNS ASK sm##.gmail.com
- DNS ASK sm##.live.com
- DNS ASK sm##.#ail.yahoo.com