Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Inoyikotadoqev' = 'rundll32.exe "%WINDIR%\svcsrvc1.dll",Startup'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\2100448576] 'Name' = '%TEMP%\5.tmp'
- %TEMP%\hgvngcs.exe
- %TEMP%\-1998166001
- %TEMP%\lxfy.exe
- %TEMP%\wdux.exe
- %TEMP%\xdsf.exe
- %TEMP%\mhshghx.exe
- %TEMP%\gysg.exe
- %TEMP%\jmohv.exe
- %TEMP%\hhckoyg.exe
- %TEMP%\vdcm.exe
- %TEMP%\nsm3.tmp\2IC.exe
- %TEMP%\nrlv.exe
- %TEMP%\rsftl.exe
- %TEMP%\nsm3.tmp\6tbp.exe
- %TEMP%\nsm3.tmp\3E4U - Old.exe
- %TEMP%\nsm3.tmp\bogamdl.exe
- %TEMP%\nsm3.tmp\1EuroP.exe
- %TEMP%\gysg.exe (downloaded from the Internet)
- %TEMP%\mhshghx.exe (downloaded from the Internet)
- %TEMP%\hhckoyg.exe (downloaded from the Internet)
- %TEMP%\jmohv.exe (downloaded from the Internet)
- %TEMP%\vdcm.exe (downloaded from the Internet)
- %TEMP%\rsftl.exe (downloaded from the Internet)
- %TEMP%\nrlv.exe (downloaded from the Internet)
- %TEMP%\lxfy.exe (downloaded from the Internet)
- %TEMP%\-1998166001 (downloaded from the Internet)
- %TEMP%\xdsf.exe (downloaded from the Internet)
- %TEMP%\wdux.exe (downloaded from the Internet)
- %TEMP%\hgvngcs.exe (downloaded from the Internet)
- <SYSTEM32>\rundll32.exe "%WINDIR%\svcsrvc1.dll",iep
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\rundll32.exe "%WINDIR%\svcsrvc1.dll",Startup
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\spoolsv.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1400' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'currentlevel' = '00000000'
- %TEMP%\xdsf.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\wjwwnae[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lyyyzdduh[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\uhhymdqu[1].php
- %TEMP%\jmohv.exe
- %TEMP%\hgvngcs.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bosgwxbeff[1].php
- %TEMP%\Aqz..bat
- %TEMP%\-1998166001
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\vvvjzar[1].php
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y6JKXYEO\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kxyyp[1].php
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ANAW7YZQ\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G5AZ05QN\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SXQZSDMN\desktop.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\hhlycptx[1].php
- %TEMP%\hhckoyg.exe
- %TEMP%\mhshghx.exe
- %TEMP%\gysg.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\scctgxkbb[1].php
- %TEMP%\4.tmp
- %TEMP%\nsm3.tmp\6tbp.exe
- %WINDIR%\svcsrvc1.dll
- %WINDIR%\Temp\6.tmp
- %TEMP%\nsm3.tmp\bogamdl.exe
- %TEMP%\nsc2.tmp
- %TEMP%\nsm3.tmp\1EuroP.exe
- %TEMP%\nsm3.tmp\3E4U - Old.exe
- %TEMP%\nsm3.tmp\2IC.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\sbsfwao[1].php
- %TEMP%\vdcm.exe
- %TEMP%\lxfy.exe
- %TEMP%\wdux.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\vvvmmddhvl[1].php
- %TEMP%\rsftl.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\nnrfjmqeh[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\lmzdd[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ivjwneei[1].php
- %TEMP%\nrlv.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SXQZSDMN\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G5AZ05QN\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y6JKXYEO\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ANAW7YZQ\desktop.ini
- <DRIVERS>\etc\hosts
- %TEMP%\5.tmp
- <SYSTEM32>\svchost.exe
- %WINDIR%\Temp\6.tmp
- %TEMP%\nsm3.tmp\bogamdl.exe
- %TEMP%\nsm3.tmp\2IC.exe
- %TEMP%\nsm3.tmp\1EuroP.exe
- %TEMP%\nsm3.tmp\6tbp.exe
- %TEMP%\nsm3.tmp\3E4U - Old.exe
- from %TEMP%\4.tmp to %TEMP%\5.tmp
- 'localhost':1040
- 'ab###ute.com':80
- ab###ute.com/bdqqu/uhhymdqu.php?ad####################################
- ab###ute.com/bdqqu/lyyyzdduh.php?ad####################################
- ab###ute.com/bdqqu/wjwwnae.php?ad####################################
- ab###ute.com/bdqqu/kxyyp.php?ad##################################################################
- ab###ute.com/bdqqu/scctgxkbb.php?ad####################################
- ab###ute.com/bdqqu/hhlycptx.php?ad####################################
- ab###ute.com/bdqqu/vvvjzar.php?ad####################################
- ab###ute.com/bdqqu/ivjwneei.php?ad####################################
- ab###ute.com/bdqqu/lmzdd.php?ad####################################
- ab###ute.com/bdqqu/nnrfjmqeh.php?ad####################################
- ab###ute.com/bdqqu/bosgwxbeff.php?ad####################################
- ab###ute.com/bdqqu/vvvmmddhvl.php?ad####################################
- ab###ute.com/bdqqu/sbsfwao.php?ad####################################
- DNS ASK sk##ia.in
- DNS ASK gr####uzzchat.in
- DNS ASK 03######0907.centizzy.net
- DNS ASK ab###ute.com
- DNS ASK re###blica.it
- DNS ASK se##aa.net
- DNS ASK ye##.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''