Technical Information
- '<Current directory>\ZygorGuides_Updater.exe'
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\temp0.bat" "
- %TEMP%\ZygorGuidesUpdater_log.txt
- %WINDIR%\Temp\temp0.bat
- <Current directory>\ZygorGuides_Updater.exe
- from <Full path to virus> to <Current directory>\Thumb.db
- 'zy###guides.com':80
- 'wp#d':80
- zy###guides.com/updater/eula.rtf
- wp#d/wpad.dat
- DNS ASK zy###guides.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'