Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\rndll.exe
- %HOMEPATH%\Start Menu\Programs\Startup\avcheck.exe
- <Drive name for removable media>:\run.exe
- %HOMEPATH%\Start Menu\Programs\Startup\rndll.exe
- %HOMEPATH%\Start Menu\Programs\Startup\avcheck.exe
- %APPDATA%\id.txt
- 'gl#####ntrusion.co.cc':80
- 'wp#d':80
- wp#d/wpad.dat
- DNS ASK gl#####ntrusion.co.cc
- DNS ASK wp#d