Technical Information
- [<HKLM>\SOFTWARE\Classes\IE\shell\open\command] '' = '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://dh.765321.info?1133811?1133811'
- [<HKLM>\SOFTWARE\Classes\JE\shell\open\command] '' = '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.laitao.info'
- [<HKLM>\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command] '' = 'Explorer.exe'
- %WINDIR%\vb.ini
- from <Full path to virus> to <Current directory>\228.tmp
- '2.###321.info':4321
- 'localhost':1035
- DNS ASK 2.###321.info
- '<Private IP address>':1036