Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HP Services' = '%PROGRAM_FILES%\HP\HP_Update.exe'
- <Drive name for removable media>:\Ebooks Collections 2012.edu.exe
- %PROGRAM_FILES%\HP\update.exe
- %PROGRAM_FILES%\HP\update.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\bg[1].jpg
- %TEMP%\2.tmp
- %TEMP%\1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\logo[1].jpg
- %TEMP%\~DF5166.tmp
- from %TEMP%\2.tmp to %PROGRAM_FILES%\HP\HP_Update.exe
- from %TEMP%\1.tmp to %PROGRAM_FILES%\HP\update.exe
- 'at##.#llalla.com':80
- 'localhost':1035
- at##.#llalla.com/bg.jpg
- at##.#llalla.com/logo.jpg
- DNS ASK at##.#llalla.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'HP Updater'