Technical Information
- '<SYSTEM32>\DNFXiaoXiao.EXE'
- '<SYSTEM32>\regsvr32.exe' DnfXiaoXiao_8_6.dll /s
- '<SYSTEM32>\regsvr32.exe' /u DnfXiaoXiao_8_6.dll /s
- <SYSTEM32>\DNFXiaoXiao.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\s3.dnfxiaoxiao[1]
- <SYSTEM32>\DnfXiaoXiao_8_6.dll
- from <Full path to virus> to <SYSTEM32>\fadfsdfs.dat
- 's3.###xiaoxiao.com':80
- 'localhost':1035
- s3.###xiaoxiao.com/
- DNS ASK s3.###xiaoxiao.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''