Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%APPDATA%3windowsupdate.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%APPDATA%3windowsupdate.exe'
- Command Prompt (CMD)
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- User Account Control (UAC)
- %WINDIR%\explorer.exe
- <SYSTEM32>\reg.exe add "HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions" /v NoNavBar /t REG_DWORD /d 1 /f
- %WINDIR%\Explorer.EXE
- opera.exe
- skype.exe
- chrome.exe
- firefox.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- from <Full path to virus> to %APPDATA%3windowsupdate.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''