Technical Information
- '<SYSTEM32>\erqqg.exe'
- <SYSTEM32>\ComBHO.dll
- <SYSTEM32>\config.ini
- %TEMP%\~tmp70.dat
- <SYSTEM32>\Log\Install.log
- <SYSTEM32>\Stat.dll
- <SYSTEM32>\Sg_tp.exe
- <SYSTEM32>\TP.dll
- <Current directory>\config.ini
- %TEMP%\nst2.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sogoutppid[1].aspx
- %TEMP%\nst2.tmp\inetc.dll
- %TEMP%\nst2.tmp\AccessControl.dll
- <SYSTEM32>\ComBHO.dll
- <SYSTEM32>\qebbb.dll
- <Full path to virus>
- %TEMP%\nst2.tmp\inetc.dll
- %TEMP%\nst2.tmp\System.dll
- %TEMP%\~tmp70.dat
- %TEMP%\nst2.tmp\AccessControl.dll
- File moved (renamed): from <SYSTEM32>\Sg_tp.exe to <SYSTEM32>\erqqg.exe
- File moved (renamed): from <SYSTEM32>\TP.dll to <SYSTEM32>\qebbb.dll
- Host and port: 'www.so###-agent.com':80
- URL: www.so###-agent.com/sogoutppid.aspx?p=###
- DNS query (ASK): www.so###-agent.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'