Technical Information
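Registry autorun entry:
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%WINDIR%\looti\Emmss.exe' (the 'load' value under this key is a legacy per-user autorun location, so the listed executable is started at logon; check this value when hunting for or cleaning up the infection)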
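Command lines observed:
- <SYSTEM32>\taskkill.exe /f /im <Virus name>.exe (/f /im force-terminates every process with that image name; <Virus name> is a placeholder in the listing, not a literal file name)
- <SYSTEM32>\cmd.exe /c %TEMP%\233c8.tmpmlkbat.bat kill (runs a batch file from %TEMP% with the argument 'kill')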
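Window lookups for analysis tools (anti-debugging checks):
- ClassName: 'OLLYDBG' WindowName: '' (main window class of the OllyDbg debugger)
- ClassName: '' WindowName: 'TRW2000 for Windows 9x' (window title of the TRW2000 debugger)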
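File system paths (the listing does not state whether each is created, modified or deleted):
- %WINDIR%\looti\Emmss.exe (the same path as the registry 'load' value in this listing)
- %TEMP%\233c8.tmpmlkbat (the cmd.exe command line in this listing references this name with a '.bat' suffix)
- %TEMP%\B3DCC3DD\$$$$$$$$.{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\ $$$2\com1.{21EC2020-3AEA-1069-A2DD-08002B30309D}\{4A13E2E6-2637-4119-936C-6DA25AA3361A} (directory names end in shell-folder CLSIDs and one uses the reserved device name 'com1', so Explorer and ordinary file APIs may display or handle this path incorrectly; inspect or remove it with a tool that accepts \\?\-prefixed paths)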
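Other window lookups:
- ClassName: 'ACPU' WindowName: '' (appears to be the OllyDbg CPU window class; confirm)
- ClassName: 'Shell_TrayWnd' WindowName: '' (the Windows taskbar window class, not an analysis tool)
- ClassName: 'TDeDeMainWindow' WindowName: '' (main window class of the DeDe Delphi decompiler)
- ClassName: '' WindowName: 'TWX2002 for Windows 9x'
- ClassName: '' WindowName: 'RegmonClass' (refers to Sysinternals Regmon; the string reads like a class name but is given here as a window name)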