Technical Information
- '<SYSTEM32>\svchost.exe'
- %TEMP%\8.tmp
- <SYSTEM32>\STREAM.SYS
- %APPDATA%\Microsoft\update.vbs
- %APPDATA%\Microsoft\Internet Explorer\IEXPL0RE.EXE
- %TEMP%\2266a.dat
- from <Full path to virus> to %TEMP%\6.tmp
- 'www.ae#####icismwoods.com':443
- 'localhost':443
- DNS ASK www.ae#####icismwoods.com
- ClassName: 'Shell_TrayWnd' WindowName: ''