Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'microsoft' = '%HOMEPATH%\Templates\sidebar.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '%HOMEPATH%\Start Menu\Programs\server.exe'
- <Drive name for removable media>:\HotPic.scr
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- hidden files
- User Account Control (UAC)
- %HOMEPATH%\Start Menu\Programs\server.exe <Full path to virus>
- <SYSTEM32>\netsh.exe firewall set opmode disable
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- outpost.exe
- zlclient.exe
- bdagent.exe
- AVP.EXE
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKCU>\Software\Paltalk]
- %HOMEPATH%\My Documents\Downloads\Outlook Express-crack.exe
- %HOMEPATH%\My Documents\Downloads\Reference Assemblies-crack.exe
- %HOMEPATH%\My Documents\Downloads\Uninstall Information-crack.exe
- %HOMEPATH%\My Documents\Downloads\Online Services-crack.exe
- %HOMEPATH%\My Documents\Downloads\MSN Gaming Zone-crack.exe
- %HOMEPATH%\My Documents\Downloads\MSXML 6.0-crack.exe
- %HOMEPATH%\My Documents\Downloads\NetMeeting-crack.exe
- %HOMEPATH%\My Documents\Downloads\<Auxiliary name>-crack.exe
- %HOMEPATH%\Start Menu\Programs\server.txt
- %HOMEPATH%\Templates\server.txt
- %HOMEPATH%\My Documents\Downloads\xerox-crack.exe
- %HOMEPATH%\My Documents\Downloads\Windows Media Player-crack.exe
- %HOMEPATH%\My Documents\Downloads\Windows NT-crack.exe
- %HOMEPATH%\My Documents\Downloads\WindowsUpdate-crack.exe
- %HOMEPATH%\My Documents\Downloads\MSN-crack.exe
- C:\HotPic.scr
- %HOMEPATH%\My Documents\Downloads\Common Files-crack.exe
- %HOMEPATH%\My Documents\Downloads\ComPlus Applications-crack.exe
- %HOMEPATH%\Templates\cd.txt
- <Current directory>\mozsqlite3.dll
- <Current directory>\sqlite3.dll
- <Current directory>\System.Data.SQLite.DLL
- %HOMEPATH%\My Documents\Downloads\Microsoft.NET-crack.exe
- %HOMEPATH%\My Documents\Downloads\Movie Maker-crack.exe
- %HOMEPATH%\My Documents\Downloads\MSBuild-crack.exe
- %HOMEPATH%\My Documents\Downloads\microsoft frontpage-crack.exe
- %HOMEPATH%\My Documents\Downloads\FireFox-crack.exe
- %HOMEPATH%\My Documents\Downloads\Internet Explorer-crack.exe
- %HOMEPATH%\My Documents\Downloads\Messenger-crack.exe
- 'pr###roj.1.vg':80
- 'sm##.gmail.com':587
- 'www.do###ntools.com':80
- 'rs###.000a.de':80
- rs###.000a.de/dl/System.Data.SQLite.DLL
- pr###roj.1.vg/mysecuritylock.txt
- rs###.000a.de/dl/sqlite3.dll
- www.do###ntools.com/research/my-ip/myip.xml
- rs###.000a.de/dl/mozsqlite3.dll
- DNS ASK pr###roj.1.vg
- DNS ASK sm##.gmail.com
- DNS ASK www.do###ntools.com
- DNS ASK rs###.000a.de
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'VMDragDetectWndClass' WindowName: ''