Technical Information
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\<Auxiliary name>.exe\shell\open\command] '' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Classes\HTTP\shell\open\command] '' = '"<Full path to virus>" "%1"'
- [<HKLM>\SOFTWARE\Classes\https\shell\open\command] '' = '"<Full path to virus>" "%1"'
- %HOMEPATH%\Favorites\WordBrowserдЇААЖч.url
- %HOMEPATH%\Start Menu\Programs\OAWordBrowsera?AA??EIIo.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\OAWordBrowsera?AA??EIIo.lnk
- 'www.wo###rowser.cn':80
- www.wo###rowser.cn/ver.txt
- DNS ASK www.wo###rowser.cn
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'