Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Explorer' = '<Full path to virus>'
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Audio Server] 'ImagePath' = '<Full path to virus>'
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Audio Server] 'Start' = '00000002'
- '12#.#25.114.144':80
- 'do####ine.asp?id=':80
- http://www.ba##u.com/ via 12#.#25.114.144
- http://do####ine.asp?id=/
- DNS ASK www.ba##u.com
- DNS ASK do####ine.asp?id=
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''