Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\ccccc] 'Start' = '00000002'
- <SYSTEM32>\jwzvwy.exe
- C:\ssmarque.scr /S
- C:\1.ini
- C:\RCX1.tmp
- C:\RCX2.tmp
- C:\ssmarque.scr
- <SYSTEM32>\jwzvwy.exe
- C:\2.exe
- <Current directory>\1.ini
- C:\3.exe
- C:\ssmarque.scr
- C:\2.exe
- from C:\3.exe to C:\a.exe
- from <Full path to virus> to C:\3.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '????QQ????????'