Technical Information
- '%APPDATA%\sjyl\sjyl.exe' TempDelete:<Current directory>\Ret1.tmp Process:588
- '<Current directory>\Ret1.tmp' SlefDelete:<Full path to virus> Process:588
- '%APPDATA%\sjyl\sjyl.exe' (downloaded from the Internet)
- <Current directory>\Ret1.tmp
- <Full path to virus>
- %APPDATA%\sjyl\Update\UpdateRev.DTM
- %APPDATA%\sjyl\Update\sjyl.DTM
- from %APPDATA%\sjyl\Update\sjyl.tmp to %APPDATA%\sjyl\sjyl.exe
- from %APPDATA%\sjyl\Update\sjyl.DTM to %APPDATA%\sjyl\Update\sjyl.tmp
- from %APPDATA%\sjyl\Update\UpdateRev.DTM to %APPDATA%\sjyl\Update\UpdateRev.dat
- 'www.sj##8.com':80
- http://www.sj##8.com/update/webgame.exe?ra###########
- http://www.sj##8.com/update/updaterev.txt?ra###########
- DNS ASK www.sj##8.com
- ClassName: 'Shell_TrayWnd' WindowName: ''