Technical Information
Registry autorun values (Run / RunOnce keys, which Windows executes at logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '%TEMP%\delInstav2009.bat' = '%TEMP%\delInstav2009.bat'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AntiVirus Protection' = '%PROGRAM_FILES%\AntiVirus Protection\AVP.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Full path to virus>"' = '<Full path to virus>"'
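File system paths (the list does not indicate which files are created and which are deleted; %TEMP%\zip.zip appears twice):
- %ALLUSERSPROFILE%\Start Menu\AntiVirus Protection\Support.lnk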
- %ALLUSERSPROFILE%\Start Menu\AntiVirus Protection\Uninstall AntiVirus Protection.lnk
- %TEMP%\delInstav2009.bat
- %TEMP%\zip.zip
- %HOMEPATH%\Desktop\AntiVirus Protection.lnk
- %ALLUSERSPROFILE%\Start Menu\AntiVirus Protection\AntiVirus Protection.lnk
- %TEMP%\zip.zip
Network indicators (the address appears to be partially masked with '#' in this report):
- '21#.#0.115.72':80
- http://21#.#0.115.72/install/zip.zip
- http://21#.#0.115.72/src.php
Window referenced (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''