Technical Information
- Autorun registry value (HKCU Run key, launched at user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'InterActive' = '%TEMP%\InterActive.exe'
- <Drive name for removable media>:\Install.exe
- '%TEMP%\InterActive.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\newpc[1].php
- C:\Install.exe
- %TEMP%\InterActive.exe
- %TEMP%\InterActive.txt
- 'localhost':1038
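- 'gs#.6f.sk':80 (note: '#' is not a valid hostname character, so it presumably stands for a character masked in the report; the host names in this list cannot be matched literally in DNS or proxy logs)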
- 'wp#d':80
- gs#.6f.sk/msgyes.txt
- gs#.6f.sk/msg.txt
- gs#.6f.sk/block.txt
- gs#.6f.sk/shutyes.txt
- gs#.6f.sk/secretwebyes.txt
- gs#.6f.sk/secretweb.txt
- gs#.6f.sk/webyes.txt
- gs#.6f.sk/web.txt
- gs#.6f.sk/blockkey.txt
- gs#.6f.sk/bombyes.txt
- gs#.6f.sk/newpc.php
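- wp#d/wpad.dat (note: wpad.dat is the file name used by Web Proxy Auto-Discovery; requests for it are commonly issued by the system's proxy auto-detection, so this entry and the matching DNS query may not be specific to the sample)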
- gs#.6f.sk/pc.txt
- gs#.6f.sk/Install.exe
- gs#.6f.sk/show.txt
- gs#.6f.sk/bomb.txt
- gs#.6f.sk/texthackyes.txt
- DNS ASK gs#.6f.sk
- DNS ASK wp#d
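- Window references by class name (these appear to be window lookups; 'Shell_TrayWnd' is the class of the Windows taskbar, so such entries are weak indicators on their own):
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'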
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'