Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\] 'Taskman' = 'c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe'
- %WINDIR%\explorer.exe
- <Drive name for removable media>:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\desktop.ini
- <Drive name for removable media>:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
- <Drive name for removable media>:\autorun.inf
- %WINDIR%\explorer.exe
- C:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\desktop.ini
- C:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
- <Drive name for removable media>:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
- <Drive name for removable media>:\autorun.inf
- 'dl.##3ek.com':3321
- DNS ASK dl.##3ek.com
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'