Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NatTurbo' = '%PROGRAM_FILES%\NatTurbo\NatTurbo.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '%PROGRAM_FILES%\NatTurbo\NatTurbo.exe'
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- %PROGRAM_FILES%\NatTurbo\config.ini
- <Current directory>\<Virus name>.dat
- %PROGRAM_FILES%\NatTurbo\NatTurbo.exe
- <Current directory>\<Virus name>.dat
- 'yx###.#24.west263.cn':80
- yx###.#24.west263.cn/2009/getip.asp
- DNS ASK yx###.#24.west263.cn