Technical Information
- <Drive name for removable media>:\<Virus name>.exe
- %WINDIR%\explorer.exe
- %WINDIR%\srchasst\mui\0409\lclsrch.xml.tmp
- C:\<Virus name>.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\lclsrch[1].xml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\balloon[1].xsl
- %WINDIR%\srchasst\mui\0409\balloon.xsl.tmp
- %WINDIR%\srchasst\mui\0409\balloon.xsl.tmp
- %WINDIR%\srchasst\mui\0409\lclsrch.xml.tmp
- 'sa.##ndows.com':80
- sa.##ndows.com/sasearch/lclsrch.xml
- sa.##ndows.com/sasearch/balloon.xsl
- DNS ASK sa.##ndows.com
- ClassName: 'SysListView32' WindowName: ''
- ClassName: '' WindowName: 'GINA Logon'
- ClassName: '' WindowName: ''