Technical Information (observed artifacts: HKCU Run autostart entries, files created or executed, network connections and DNS queries, and window classes enumerated; hostnames are partially masked with '###' as given)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ViUpdater' = '%PROGRAM_FILES%\ViUpdater\ViUpdater.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ViStart' = '%PROGRAM_FILES%\ViStart\ViStart.exe'
- %PROGRAM_FILES%\ViUpdater\ViUpdater.exe
- %PROGRAM_FILES%\ViStart\ViStart.exe
- %PROGRAM_FILES%\ViStart\Plugins\MetroServices.exe
- %PROGRAM_FILES%\ViStart\ViStart.exe /cache
- %PROGRAM_FILES%\ViStart\Plugins\SearchProvider.exe
- %PROGRAM_FILES%\ViStart\Language Changer.exe /auto
- %TEMP%\nsm2.tmp\InstallManager.exe
- %PROGRAM_FILES%\ViStart\ViStartActivator.exe /auto
- %TEMP%\ViStart\viupdater_setup.exe
- %TEMP%\nsm2.tmp\InstallManager.exe (downloaded from the Internet)
- %PROGRAM_FILES%\ViStart\Resources\startmenu_expanded.png
- %PROGRAM_FILES%\ViStart\Resources\userframe.png
- %PROGRAM_FILES%\ViStart\Resources\startmenu.png
- %PROGRAM_FILES%\ViStart\Resources\programs_arrow.png
- %PROGRAM_FILES%\ViStart\Resources\start_button.png
- %PROGRAM_FILES%\ViStart\Rollover\Recent.png
- %PROGRAM_FILES%\ViStart\Rollover\defaultprograms.png
- %PROGRAM_FILES%\ViStart\Rollover\documents.png
- %PROGRAM_FILES%\ViStart\Rollover\control.png
- %PROGRAM_FILES%\ViStart\Rollover\computer.png
- %PROGRAM_FILES%\ViStart\Rollover\connect.png
- %PROGRAM_FILES%\ViStart\Start Orbs\Windows Flag.png
- %TEMP%\ViStart\viupdater_setup.exe
- %PROGRAM_FILES%\ViStart\Start Orbs\Ubuntu Orb.png
- %PROGRAM_FILES%\ViStart\Start Orbs\Apple Logo.png
- %PROGRAM_FILES%\ViStart\Start Orbs\Firefox Orb.png
- %PROGRAM_FILES%\ViStart\Resources\allprograms.png
- %PROGRAM_FILES%\ViStart\Resources\button.png
- %PROGRAM_FILES%\ViStart\Resources\jumplist_rollover.png
- %PROGRAM_FILES%\ViStart\Resources\bottombuttons_shutdown.png
- %PROGRAM_FILES%\ViStart\Resources\bottombuttons_arrow.png
- %PROGRAM_FILES%\ViStart\Resources\bottombuttons_logoff.png
- %PROGRAM_FILES%\ViStart\Rollover\games.png
- C:\icon.gif
- %PROGRAM_FILES%\ViUpdater\cache\586e26d0f972cc6eaf215928f2aee7e3.cache
- %PROGRAM_FILES%\ViUpdater\products.xml
- %PROGRAM_FILES%\ViStart\KillMe.exe
- %PROGRAM_FILES%\ViUpdater\KillMe.exe
- %APPDATA%\ViStart\Cache_Rollover_16777215.bmp
- %PROGRAM_FILES%\ViStart\errors.log
- %APPDATA%\ViStart\Cache_Normal_16777215.bmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\thankyou[1].html
- %APPDATA%\ViStart\IconDB_16777215.xml
- %PROGRAM_FILES%\ViStart\Rollover\pictures.png
- %PROGRAM_FILES%\ViStart\Rollover\run.png
- %PROGRAM_FILES%\ViStart\Rollover\network.png
- %PROGRAM_FILES%\ViStart\Rollover\help.png
- %PROGRAM_FILES%\ViStart\Rollover\music.png
- %PROGRAM_FILES%\ViStart\Rollover\search.png
- %TEMP%\nsb4.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\ViUpdater\ViUpdater.exe
- %APPDATA%\ViStart\licence.key
- %PROGRAM_FILES%\ViStart\Rollover\videos.png
- %PROGRAM_FILES%\ViStart\ViStartActivator.exe
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Adobe Audition.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Adobe Bridge.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Adobe After Effects.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\AIM.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Adobe Acrobat Reader.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Adobe Dreamweaver.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Bing.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Calculator.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Amazon.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Adobe Flash.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Adobe Photoshop.ico
- %PROGRAM_FILES%\ViStart\ViConfig.exe
- %TEMP%\nsm2.tmp\KillProcDLL.dll
- %TEMP%\nsm2.tmp\InstallManager.exe
- %TEMP%\nsm2.tmp\inetc.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\download[1].php
- %PROGRAM_FILES%\ViStart\ViStart.exe
- %PROGRAM_FILES%\ViStart\Plugins\MetroServices.exe
- %PROGRAM_FILES%\ViStart\Plugins\SearchProvider.exe
- %PROGRAM_FILES%\ViStart\Resources\startmenu_mask.bmp
- %PROGRAM_FILES%\ViStart\Language Changer.exe
- %PROGRAM_FILES%\ViStart\Resources\layout.xml
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\DeviantART.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Xbox.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Yahoo!.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Videos.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Programs.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Twitter.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\YouTube.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\iPad.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\iPhone.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\eBay.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Zune.ico
- %PROGRAM_FILES%\ViStart\settings.xml
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Google Chrome.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Google.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Gmail.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Facebook.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Firefox.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Internet Explorer.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Paint.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Pictures.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Notepad.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Mail.ico
- %PROGRAM_FILES%\ViStart\Plugins\metro_icons\Netflix.ico
- %TEMP%\nsm2.tmp\KillProcDLL.dll
- %TEMP%\nsb4.tmp\KillProcDLL.dll
- %TEMP%\nsm2.tmp\InstallManager.exe
- %PROGRAM_FILES%\ViStart\ViStartActivator.exe
- %TEMP%\nsm2.tmp\inetc.dll
- 'le###oft.com':80
- 'localhost':1042
- 'www.nt###one.com':80
- 'localhost':1038
- le###oft.com/viupdater/products.xml
- le###oft.com/vistart/thankyou.html
- www.nt###one.com/download.php?k3######
- le###oft.com/vistart/builds/windows-start-menu-icon.gif
- DNS ASK www.le###oft.com
- DNS ASK le###oft.com
- DNS ASK www.nt###one.com
- ClassName: 'DV2ControlHost' WindowName: 'Start Menu'
- ClassName: 'ThunderRT6FormDC' WindowName: 'Running Applications'
- ClassName: 'Button' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'ToolbarWindow32' WindowName: 'Start'
- ClassName: 'ThunderRT6FormDC' WindowName: 'ViStart_Event_Handler'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''