Technical Information
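Registry changes. The empty value name '' is the key's default value, so each shell\open\command entry below makes Windows launch the malware whenever a file of that type (.com, .cmd, .scr, .reg, .bat) is opened; the Run entry starts %WINDIR%\Server.exe at every logon of the affected user.
- [<HKLM>\SOFTWARE\Classes\comfile\shell\open\command] '' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Classes\cmdfile\shell\open\command] '' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Classes\scrfile\shell\open\command] '' = '<Full path to virus>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Alg' = '%WINDIR%\Server.exe'
- [<HKLM>\SOFTWARE\Classes\regfile\shell\open\command] '' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Classes\batfile\shell\open\command] '' = '<Full path to virus>'
Because the regfile, batfile and cmdfile handlers are among those replaced, opening a .reg, .bat or .cmd repair file on an infected system starts the malware instead of applying the fix; restore these default values with a registry tool that is run directly.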
- %WINDIR%\Server.exe (downloaded from the Internet)
- %WINDIR%\Server.exe
- %WINDIR%\Server.exe
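- '<Private IP address>':80
- <Private IP address>/Server.exe
Note: the address is redacted to a placeholder in this report and is described as private, so it is not usable as a network indicator outside the analysed environment; the registry values and the %WINDIR%\Server.exe path above are the portable indicators.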
- ClassName: 'Indicator' WindowName: ''