Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\WebTool] 'Start' = '00000002'
- '%WINDIR%\WebTool\WebTool.exe' /Run
- '%WINDIR%\WebTool\WebTool.exe'
- '%WINDIR%\WebTool\WebTool.exe' /InstallService
- '%TEMP%\<Virus name>.exe'
- '%TEMP%\Update.exe' /Install
- %WINDIR%\WebTool\Config.dat
- %WINDIR%\WebTool\WebTool.InstallState
- %WINDIR%\WebTool\Log.txt
- %WINDIR%\WebTool\Xul.zip
- %WINDIR%\WebTool\Settings.dat
- %TEMP%\Settings.dat
- %TEMP%\<Virus name>.exe
- %WINDIR%\WebTool\WebTool.exe
- %TEMP%\Update.exe
- %WINDIR%\WebTool\Log.txt
- %WINDIR%\WebTool\Xul.zip
- %WINDIR%\WebTool\WebTool.InstallState
- %WINDIR%\WebTool\Config.dat
- %WINDIR%\WebTool\WebTool.exe
- %WINDIR%\WebTool\Settings.dat
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'