Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>.exe' = '<SYSTEM32>\srvany.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\simple[1]
- <SYSTEM32>\srvany.exe
- <Current directory>\logk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\simple[1]
- 'ld###m.emo.su':80
- 'www.ip##ges.com':80
- ld###m.emo.su/addin.php?ho###############################################################
- www.ip##ges.com/simple/
- DNS ASK ld###m.emo.su
- DNS ASK www.ip##ges.com
- '<Private IP address>':1037