Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Full path to virus>,'
- <Current directory>\bos.set
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kayitciguncelleme[1].txt
- <Current directory>\Klavye\x.svt
- %WINDIR%\val.cdt
- %WINDIR%\kar.cdt
- <Full path to virus>
- 'www.fr###ebs.com':80
- 'localhost':1036
- www.fr###ebs.com/korhan99/kayitciguncelleme.txt
- DNS ASK www.fr###ebs.com
- '<Private IP address>':1037