Technical Information
- '%TEMP%\is-QETTR.tmp\is-7CANL.tmp' /SL4 $40092 <Full path to virus> 244748 148480
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %TEMP%\is-5698S.tmp\_shfoldr.dll
- %TEMP%\is-QETTR.tmp\is-7CANL.tmp
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- from <SYSTEM32>\uxtheme.dll to <SYSTEM32>\uxtheme.bak
- ClassName: 'Shell_TrayWnd' WindowName: ''