Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'systemupdate' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mswinlogon' = '%WINDIR%\mswinlogon.exe'
- %WINDIR%\Config\<Virus name>.exe
- %WINDIR%\Config\<Virus name>.exe
- <Full path to virus>
- 'im###.no-ip.org':3072
- DNS ASK im###.no-ip.org