Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%PROGRAM_FILES%\SynTPEnh.exe'
- %WINDIR%\windir.ini
- %PROGRAM_FILES%\SynTPEnh.exe
- <Full path to virus>
- 'pa########.dominiotemporario.com':80
- 'co#####ect.fileave.com':80
- 'localhost':1038
- co#####ect.fileave.com/index.html
- pa########.dominiotemporario.com/index.php
- DNS ASK pa########.dominiotemporario.com
- DNS ASK co#####ect.fileave.com
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'