Technical Information
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- from <Full path to virus> to <Current directory>\ymsee.txt
- 'localhost':1040
- 'pb##.#dvstis.com':88
- 'www.xz##.com':80
- 'im#.#sers.51.la':80
- http://im#.#sers.51.la/18648298.asp
- http://im#.#sers.51.la/18648299.asp
- http://www.xz##.com/upys/hqd1.db
- http://im#.#sers.51.la/18648296.asp
- DNS ASK pb##.#dvstis.com
- DNS ASK im#.#sers.51.la
- DNS ASK www.xz##.com