Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SharedAPPs' = '%WINDIR%\system\<Virus name>.exe'
- %WINDIR%\regedit.exe /s %WINDIR%\sharedapp.reg
- <Current directory>\oqwieu.$$$
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ico_indice[1].gif
- %WINDIR%\system\kernel32.vxd
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\novaamelia[1].zvi
- %WINDIR%\sharedapp.reg
- %WINDIR%\system\<Virus name>.exe
- %WINDIR%\svchost_
- %WINDIR%\svchost
- <Current directory>\oqwieu.$$$
- %WINDIR%\svchost
- %WINDIR%\sharedapp.reg
- %WINDIR%\svchost_
- 'us#####ulo.tripod.com':80
- 'im#.##rra.com.br':80
- 'localhost':1037
- us#####ulo.tripod.com/mp3/novaamelia.zvi
- im#.##rra.com.br/capa/imagens/ico_indice.gif
- DNS ASK us#####ulo.tripod.com
- DNS ASK im#.##rra.com.br
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'wPrimeira' WindowName: ''