Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Virus name>' = '%WINDIR%\<Virus name>.exe'
- '%WINDIR%\regedit.exe' /s "1.reg"
- <Current directory>\1.reg
- %WINDIR%\<Virus name>.exe
- <Current directory>\1.reg
- '69#.#yftp.biz':2048
- DNS ASK 69#.#yftp.biz
- ClassName: '' WindowName: 'Fatal Error'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''