Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\.zzzNetMSSQL0426221] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k ".zzzNetMSSQL0426221"
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\blog[1]
- <SYSTEM32>\RCX1.tmp
- <SYSTEM32>\nt191cbz.dll
- 'hi.##idu.com':80
- hi.##idu.com/debughere/blog/
- DNS ASK hi.##idu.com