Technical Information
- <Full path to virus>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\getip[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\up_3[1].asp
- <Full path to virus>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\url[1].asp
- <Full path to virus>
- from %TEMP%\<Virus name>.exe1 to <Full path to virus>
- from <Full path to virus> to %TEMP%\<Virus name>.exe1
- 'www.33##.org':80
- 'ht.##down.com':80
- 'localhost':1035
- 'v.##o63.com':80
- ht.##down.com/cj2/up_3.asp?a=###########################
- www.33##.org/dyndns/getip
- v.##o63.com/url.asp
- DNS ASK ht.##down.com
- DNS ASK www.33##.org
- DNS ASK v.##o63.com
- ClassName: 'Shell_TrayWnd' WindowName: ''