Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gserver' = '%PROGRAM_FILES%\Windows NT\gserver.exe'
- %PROGRAM_FILES%\Windows NT\gserver.exe
- <Full path to virus>
- 'zy.##ibizx.com':10103
- DNS ASK zy.##ibizx.com