Technical Information
- %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE.EXE
- %WINDIR%\$NtUninstallKB922582$\fltmkb.dll
- %PROGRAM_FILES%\Internet Exp1orer\IEXPLORE
- <Current directory>\~a
- from <Full path to virus> to <SYSTEM32>\~zlzl.exe
- 'www.he###lley.com':80
- 'www.ta###enter.com':80
- www.he###lley.com/ezmly/ver.htm
- www.he###lley.com/ezmly/SomeUpVer.htm
- www.he###lley.com/ezmly/dizhi.gif
- www.ta###enter.com/ezmly/bak.htm
- www.he###lley.com/ezmly/app.htm
- www.he###lley.com/ezmly/hostlist.htm
- DNS ASK www.he###lley.com
- DNS ASK www.ta###enter.com
- '<Private IP address>':1036