Technical Information
- <SYSTEM32>\borlndmm.dll
- '<SYSTEM32>\Winlogom.exe' (downloaded from the Internet)
- '<SYSTEM32>\avthekiller.exe' (downloaded from the Internet)
- '<SYSTEM32>\mdktask.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\Winlogom[1].exe
- <SYSTEM32>\expressos.cfg
- <SYSTEM32>\Winlogom.exe
- <SYSTEM32>\avthekiller.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\avthekiller[1].exe
- <SYSTEM32>\mdktask.exe
- %TEMP%\~DF6471.tmp
- %TEMP%\~DF731B.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\expressos[1].cfg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\borlndmm[1].dll
- <SYSTEM32>\avthekiller.exe
- <SYSTEM32>\Winlogom.exe
- %TEMP%\~DF6471.tmp
- 'pr#####2010gl.front.ru':80
- 'na######pepel2010.pisem.su':80
- 'localhost':1037
- http://pr#####2010gl.front.ru/Winlogom.exe
- http://pr#####2010gl.front.ru/avthekiller.exe
- http://na######pepel2010.pisem.su/borlndmm.dll
- http://na######pepel2010.pisem.su/expressos.cfg
- DNS ASK pr#####2010gl.front.ru
- DNS ASK na######pepel2010.pisem.su