Technical Information
- %CommonProgramFiles%\011111017947.exe (downloaded from the Internet)
- %TEMP%\.<Virus name>.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ce1[1].exe
- %CommonProgramFiles%\011111017947.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ce2[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sta[1].htm
- %TEMP%\$readtxttemp.txt
- %TEMP%\.<Virus name>.exe
- %CommonProgramFiles%\INI.ini
- %CommonProgramFiles%\INI.ini
- %TEMP%\$readtxttemp.txt
- '02##ds.com':80
- 'www.ha##ilm.com':80
- 'localhost':1036
- 'localhost':1037
- www.ha##ilm.com/ce2.exe
- www.ha##ilm.com/ce1.exe
- 02##ds.com/ip/sta.htm?cp#
- DNS ASK www.ha##ilm.com
- DNS ASK 02##ds.com
- '<Private IP address>':1038
- '<Private IP address>':1039
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''