Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AIUpdateService' = '"%ProgramFiles%\Microsoft Data\<Virus name>.exe" /reinstall=1'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'amigo' = ''
- chrome.exe
- opera.exe
- %TEMP%\Folder_Data_RC_ADDS\xml\op_data.xml
- %TEMP%\Folder_Data_RC_ADDS\js\chr_pref.json
- %TEMP%\Folder_Data_RC_ADDS\xml\task.xml
- %APPDATA%\9659AA5949
- %TEMP%\Folder_Data_RC_ADDS\xml\op_wid.xml
- %TEMP%\Folder_Data_RC_ADDS\adds\addon.xpi
- %ProgramFiles%\Microsoft Data\<Virus name>.exe
- %TEMP%\Folder_Data_RC_ADDS\adds\addon.crx
- %TEMP%\Folder_Data_RC_ADDS\js\ff_set.json
- %TEMP%\Folder_Data_RC_ADDS\adds\addon.oex
- 'vb###wqhqq.ru':80
- http://vb###wqhqq.ru/installLog.php?sc###########################################################################################################################################################...
- DNS ASK vb###wqhqq.ru
- ClassName: 'Indicator' WindowName: ''