Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NetworkChecker' = '<Full path to virus>'
- [<HKLM>\Software\BPFTP]
- [<HKCU>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\Sota\FFFTP\Options]
- [<HKLM>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\SOFTWARE\Far2\Plugins\FTP\Hosts]
- [<HKCU>\SOFTWARE\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\SOFTWARE\Far\Plugins\FTP\Hosts]
- [<HKCU>\SOFTWARE\Microsoft\MessengerService]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\SOFTWARE\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- <DRIVERS>\npf.sys
- <SYSTEM32>\wpcap.dll
- <SYSTEM32>\Packet.dll
- <Full path to virus>
- '37.##.176.233':80
- '95.##.36.234':80
- '37.##5.97.232':80
- '93.##.225.229':80
- '5.###.17.232':80
- '92.##2.226.237':80
- 'localhost':1101
- '94.##.107.237':80
- '10#.#08.244.234':80
- '17#.#14.94.236':80
- '90.##7.113.226':80
- '37.##9.149.216':80
- '41.##6.170.216':80
- '27.##1.117.216':80
- '46.##3.166.211':80
- '59.##1.67.215':80
- '77.##3.22.221':80
- '92.##5.167.224':80
- '12#.#02.235.220':80
- '20#.#05.34.220':80
- '77.##.61.220':80
- '46.##.240.64':80
- '21#.#23.81.66':80
- '13#.#49.32.63':80
- '78.##.190.55':80
- '60.##.253.59':80
- '94.#53.6.68':80
- 'localhost':1124
- '12#.#5.154.67':80
- '21#.#0.196.66':80
- '46.##8.54.67':80
- '37.#7.74.54':80
- '11#.#6.27.44':80
- '12#.#5.176.45':80
- '37.##4.153.43':80
- '5.#.18.41':80
- '11#.#47.26.41':80
- '18#.#91.193.49':80
- '17#.#07.72.53':80
- '10#.#22.33.49':80
- '13#.#7.80.48':80
- '46.##1.16.49':80
- '93.#7.95.22':80
- '18#.#31.228.24':80
- '46.##0.121.19':80
- '21#.#16.42.18':80
- '78.##9.73.19':80
- '93.##.230.31':80
- 'localhost':1055
- '18#.#30.1.30':80
- '31.##.145.26':80
- '10#.#6.76.29':80
- '46.##2.231.17':80
- '78.##.222.12':80
- '89.##9.163.13':80
- '21#.#15.158.12':80
- '2.###.232.11':80
- '46.##.132.12':80
- '17#.#08.14.16':80
- '15#.0.47.16':80
- '94.##1.98.15':80
- '46.##4.117.14':80
- '11#.#69.177.14':80
- '77.##1.45.163':80
- '89.##9.238.163':80
- '89.##5.2.163':80
- '17#.#51.133.162':80
- '5.###.206.162':80
- '17#.#12.4.174':80
- 'localhost':1078
- '21#.#8.162.172':80
- '15#.#55.20.167':80
- '93.##0.181.171':80
- '17#.#6.69.161':80
- '89.##3.133.157':80
- '89.##2.7.158':80
- '94.##0.75.157':80
- '15#.#24.2.152':80
- '77.##2.121.154':80
- '37.##2.197.158':80
- '31.##2.43.159':80
- '37.##.182.158':80
- '21#.#74.10.158':80
- '12#.#6.50.158':80
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'