Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gserver' = '%PROGRAM_FILES%\Windows NT\gserver.exe'
- %PROGRAM_FILES%\Windows NT\gserver.exe
- %PROGRAM_FILES%\Windows NT\gserver.exe
- <Full path to virus>
- 'www.ft##udy.com':9999
- DNS ASK www.ft##udy.com