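Technical Information
The entries below are host and network indicators: registry values, file paths, executed commands, network endpoints and a window class. The headings that grouped them are not preserved on this page, so paths that repeat probably belonged to different groups in the original report.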
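- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ccUpdate' = '%WINDIR%\msn.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Norton' = '%WINDIR%\msn.exe'
  (both Run values start the same file, %WINDIR%\msn.exe, at logon; the value names resemble security-product entries, so check the target path rather than the value name)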
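- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\spool\cmss.exe' = '%WINDIR%\spool\cmss.exe:*:Enabled:cmss.exe'
  (this adds cmss.exe to the Windows Firewall list of authorized applications for the standard profile, enabled for any remote address)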
- hidden files
- %WINDIR%\msn.exe
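- %WINDIR%\spool\lsass.exe
  (lsass.exe is the name of a legitimate Windows process, but the genuine binary resides in <SYSTEM32>; a copy under %WINDIR%\spool is not the system file)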
- %TEMP%\Compress0\desktop.exe
- %WINDIR%\spool\cmss.exe
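- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\Common /G Everyone:f
- <SYSTEM32>\cacls.exe %WINDIR%\spool /G Everyone:f
  (each command grants the Everyone group full control of the named directory; after cleanup, review and restore the ACLs on both directories)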
- bdss.exe
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
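- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
  (this policy value removes the Folder Options item from Explorer, which prevents the user from changing the hidden-file display settings through the UI)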
- %TEMP%\Compress0\user.dll
- %TEMP%\Compress0\update.dll
- %TEMP%\Compress0\unir.exe
- %TEMP%\Compress0\ushost.dll
- %TEMP%\Compress0\ziplog.txt
- %TEMP%\Compress0\winsyst32.exe
- %TEMP%\Compress0\weben.dll
- %TEMP%\Compress0\unin.dll
- %TEMP%\Compress0\seekil.dll
- %TEMP%\Compress0\seek.dll
- %TEMP%\Compress0\scloc.dll
- %TEMP%\Compress0\services.exe
- %TEMP%\Compress0\type.dll
- %TEMP%\Compress0\svers.dll
- %TEMP%\Compress0\ssap.dll
- %WINDIR%\slog.dll
- %PROGRAM_FILES%\Accessories\Common\log.txt
- %PROGRAM_FILES%\Accessories\Common\desktop.ini
- %PROGRAM_FILES%\Accessories\Common\OnlineTime.txt
- %PROGRAM_FILES%\Accessories\Common\clog.txt
- %PROGRAM_FILES%\Accessories\Common\WebsitesDetail.txt
- %PROGRAM_FILES%\Accessories\Common\WebsitesSummary.txt
- <SYSTEM32>\MSWINSCK.OCX
- %WINDIR%\msn.exe
- %WINDIR%\spool\cmss.exe
- %WINDIR%\spool\lsass.exe
- %WINDIR%\svers.dll
- %WINDIR%\ziplog.txt
- %WINDIR%\refsdm.dll
- %WINDIR%\netcox.exe
- %TEMP%\Compress0\scint2.dll
- %TEMP%\Compress0\mail.dll
- %TEMP%\Compress0\inuser.dll
- %TEMP%\Compress0\inter.dll
- %TEMP%\Compress0\mailkl.dll
- %TEMP%\Compress0\MSWINSCK.OCX
- %TEMP%\Compress0\msn.exe
- %TEMP%\Compress0\mailsc.dll
- %TEMP%\Compress0\inmsg.dll
- %TEMP%\Compress0\desktop.exe
- %TEMP%\Compress0\delkl.dll
- %TEMP%\Compress0\ass.dll
- %TEMP%\Compress0\dete.dll
- %TEMP%\Compress0\hrreg.dll
- %TEMP%\Compress0\ften.dll
- %TEMP%\Compress0\dunin.dll
- %TEMP%\Compress0\oem.dll
- %TEMP%\Compress0\scan.dll
- %TEMP%\Compress0\rwcs.dll
- %TEMP%\Compress0\rwci.dll
- %TEMP%\Compress0\sccle.dll
- %TEMP%\Compress0\scint.dll
- %TEMP%\Compress0\scen.dll
- %TEMP%\Compress0\scday.dll
- %TEMP%\Compress0\rwce.dll
- %TEMP%\Compress0\refsdm.dll
- %TEMP%\Compress0\pwhost.dll
- %TEMP%\Compress0\port.dll
- %TEMP%\Compress0\resu.dll
- %TEMP%\Compress0\rvport.dll
- %TEMP%\Compress0\rvhost.dll
- %TEMP%\Compress0\rmdesk.dll
- %TEMP%\Compress0\scloc.dll
- %TEMP%\Compress0\scint2.dll
- %TEMP%\Compress0\scint.dll
- %TEMP%\Compress0\services.exe
- %TEMP%\Compress0\seekil.dll
- %TEMP%\Compress0\seek.dll
- %TEMP%\Compress0\scen.dll
- %TEMP%\Compress0\rwcs.dll
- %TEMP%\Compress0\rwci.dll
- %TEMP%\Compress0\rwce.dll
- %TEMP%\Compress0\scday.dll
- %TEMP%\Compress0\sccle.dll
- %TEMP%\Compress0\scan.dll
- %TEMP%\Compress0\ssap.dll
- %TEMP%\Compress0\ziplog.txt
- %TEMP%\Compress0\winsyst32.exe
- %TEMP%\Compress0\weben.dll
- %TEMP%\~DFA8F0.tmp
- %TEMP%\~DF2CBC.tmp
- %TEMP%\~DF1EF5.tmp
- %TEMP%\Compress0\ushost.dll
- %TEMP%\Compress0\unin.dll
- %TEMP%\Compress0\type.dll
- %TEMP%\Compress0\svers.dll
- %TEMP%\Compress0\user.dll
- %TEMP%\Compress0\update.dll
- %TEMP%\Compress0\unir.exe
- %TEMP%\Compress0\ften.dll
- %TEMP%\Compress0\dunin.dll
- %TEMP%\Compress0\dete.dll
- %TEMP%\Compress0\inter.dll
- %TEMP%\Compress0\inmsg.dll
- %TEMP%\Compress0\hrreg.dll
- %TEMP%\Compress0\desktop.exe
- %TEMP%\~DFDC37.tmp
- %TEMP%\~DF9071.tmp
- %TEMP%\~DF6E16.tmp
- %TEMP%\Compress0\delkl.dll
- %TEMP%\Compress0\ass.dll
- %TEMP%\~DFA4D1.tmp
- %TEMP%\Compress0\inuser.dll
- %TEMP%\Compress0\resu.dll
- %TEMP%\Compress0\refsdm.dll
- %TEMP%\Compress0\pwhost.dll
- %TEMP%\Compress0\rvport.dll
- %TEMP%\Compress0\rvhost.dll
- %TEMP%\Compress0\rmdesk.dll
- %TEMP%\Compress0\port.dll
- %TEMP%\Compress0\mailsc.dll
- %TEMP%\Compress0\mailkl.dll
- %TEMP%\Compress0\mail.dll
- %TEMP%\Compress0\oem.dll
- %TEMP%\Compress0\MSWINSCK.OCX
- %TEMP%\Compress0\msn.exe
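- '67.##5.111.54':14001
- '67.##5.111.54':37
  (the '##' characters appear to mask part of the address in the source report, so the value is incomplete and cannot be matched as-is in network logs)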
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'