Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'cmd.exe'
- [<HKCU>\Software\Microsoft\Command Processor] 'Autorun' = 'rundll32 "<LS_APPDATA>\lYmTlpZn\Uit5Gq9Evc.dll",m2Both9jlvC'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- ecmd.exe
- <LS_APPDATA>\lYmTlpZn\wOtxZGET3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\df42v[1]
- from <LS_APPDATA>\lYmTlpZn\wOtxZGET3 to <LS_APPDATA>\lYmTlpZn\93b03e8ff04559ca5b5067cebf4b5810.cdat
- from <Full path to virus> to <LS_APPDATA>\lYmTlpZn\Uit5Gq9Evc.dll
- 'df##v.eu':80
- df##v.eu/?Zm##########################################################################################################################################################
- DNS ASK df##v.eu
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'