Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"<Full path to virus>",'
- %HOMEPATH%\<Virus name>.exe
- %HOMEPATH%\<Virus name>.exe (downloaded from the Internet)
- %HOMEPATH%\<Virus name>.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\<Virus name>[1].exe
- 'ne####.alongs.cn':80
- ne####.alongs.cn/<Auxiliary name>.exe
- DNS ASK ne####.alongs.cn