Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\RasAuto] 'Start' = '00000002'
- %WINDIR%\addins\admin.exe
- %CommonProgramFiles%\ctfn0m.ini "%PROGRAM_FILES%\2704\27049999ctfn0n.2704lm" ServiceMain
- C:\Documents and Settings\ctfn0m.exe
- %WINDIR%\Web\pe.exe
- %WINDIR%\Temp\2012729163740.exe
- %WINDIR%\Temp\2012729163742.exe
- <SYSTEM32>\sc.exe config RasAuto start= auto
- <SYSTEM32>\cmd.exe /c "%CommonProgramFiles%\zidong.bat"
- %WINDIR%\Explorer.EXE
- %PROGRAM_FILES%\2704\27049999ctfn0n.2704lm
- %CommonProgramFiles%\zidong.bat
- %CommonProgramFiles%\ctfn0m.dll
- %CommonProgramFiles%\ctfn0m.ini
- C:\Documents and Settings\ctfn0m.exe
- %CommonProgramFiles%\ctfn0m.bat
- %WINDIR%\addins\admin.exe
- %WINDIR%\Web\pe.exe
- %WINDIR%\Temp\2012729163740.exe
- %WINDIR%\Temp\FE5CED1F.521gc[1]
- %WINDIR%\Temp\2012729163742.exe
- %WINDIR%\Temp\2012729163740.exe
- C:\Documents and Settings\ctfn0m.exe
- 'dj####9082.3322.org':8000
- DNS ASK dj####9082.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''