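Technical Information
The list below records, in order: a registry value, file paths under %TEMP%, network and DNS activity, window class/title pairs, and the command lines of launched processes. The '#' characters inside the host names and the IP address appear to be masking applied in the published report, not part of the real values.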
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002' (start type 2 = the BITS service is started automatically at boot)
- %TEMP%\nsx3.tmp\nsExec.dll
- %TEMP%\nsx3.tmp\g\pfWWW.dll
- %TEMP%\nsx3.tmp\ns4.tmp
- %TEMP%\nsx3.tmp\ExecDos.dll
- %TEMP%\nsx3.tmp\g\PRFB-IEToolbar.exe
- %TEMP%\nsx3.tmp\g\gtb\toolbar-screenshot.jpg
- %TEMP%\nsx3.tmp\System.dll
- %TEMP%\7ZipSfx.000\CCleaner.exe
- %TEMP%\nsx3.tmp\UserInfo.dll
- %TEMP%\nsx3.tmp\g\gtb\toolbar.html
- %TEMP%\nsx3.tmp\g\gtapi_signed.dll
- %TEMP%\nsx3.tmp\ns4.tmp
- 'wp#d':80
- http://11#.#11.111.2/wpad.dat via wp#d
- DNS ASK dl.google.com
- DNS ASK wp#d
- DNS ASK www.pi###orm.com
- ClassName: 'PiriformCCleaner' WindowName: ''
- ClassName: '#32770' WindowName: '' (#32770 is the standard Windows dialog-box class; the '#' here is literal, not masking)
- ClassName: 'ThunderRT6FormDC' WindowName: 'CCleaner'
- ClassName: 'PiriformRegistration' WindowName: ''
- ClassName: '#32770' WindowName: 'Piriform CCleaner'
- '%TEMP%\nsx3.tmp\g\PRFB-IEToolbar.exe'
- '%TEMP%\GoogleToolbarInstaller_stub_signed.exe' /o:0 /r:PRFB /e:asknot /d:ask /h:ask /q
- '%TEMP%\7ZipSfx.000\CCleaner.exe' /S /NCRC
- '%TEMP%\nsx3.tmp\ns4.tmp' ping -n 1 -w 5000 www.pi###orm.com
- '<SYSTEM32>\ping.exe' -n 1 -w 5000 www.pi###orm.com