Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CommCtlr' = '%WINDIR%\ctfmom.exe'
- %WINDIR%\ctfmom.exe <Full path to virus>
- %WINDIR%\Explorer.EXE
- %WINDIR%\RCX1.tmp
- %WINDIR%\hit32.dll
- %WINDIR%\ctfmom.exe
- %WINDIR%\command.dll
- DNS ASK mu####r.sytes.net