Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NetworkChecker' = '<Full path to virus>'
- [<HKLM>\Software\BPFTP]
- [<HKCU>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\Sota\FFFTP\Options]
- [<HKLM>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\SOFTWARE\Far2\Plugins\FTP\Hosts]
- [<HKCU>\SOFTWARE\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\SOFTWARE\Far\Plugins\FTP\Hosts]
- [<HKCU>\SOFTWARE\Microsoft\MessengerService]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\SOFTWARE\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- <DRIVERS>\npf.sys
- <SYSTEM32>\wpcap.dll
- <SYSTEM32>\Packet.dll
- <Full path to virus>
- '61.#6.50.98':80
- '46.##9.151.98':80
- '92.##5.159.93':80
- '93.##.239.92':80
- '93.#8.10.93':80
- '20#.#98.124.110':80
- 'localhost':1102
- '10#.#62.10.103':80
- '92.##.231.100':80
- '19#.#7.48.102':80
- '5.###.216.92':80
- '80.##3.22.84':80
- '10#.#85.14.85':80
- '37.##5.136.83':80
- '94.##.251.82':80
- '37.##9.33.83':80
- '62.#9.4.90':80
- '17#.98.9.90':80
- '18#.#4.104.89':80
- '31.##8.173.85':80
- '17#.#51.75.88':80
- '46.##4.172.36':80
- '46.##8.241.37':80
- '10#.#2.125.34':80
- '61.##5.145.29':80
- '17#.#51.213.33':80
- '77.##2.164.40':80
- 'localhost':1125
- '46.##9.132.40':80
- '17#.#4.196.38':80
- '89.##2.25.40':80
- '17#.#51.57.29':80
- '46.##0.112.18':80
- '14#.#0.170.18':80
- '46.##8.58.18':80
- '37.##.166.16':80
- '31.##0.151.17':80
- '91.##6.131.26':80
- '17#.#23.195.28':80
- '10#.#6.118.24':80
- '37.#7.48.19':80
- '95.##.198.21':80
- '77.##2.71.59':80
- '46.##1.60.61':80
- '19#.#33.71.58':80
- '10#.#51.24.57':80
- '46.##9.53.57':80
- '88.##8.138.68':80
- 'localhost':1056
- '46.##8.64.64':80
- '5.###.123.62':80
- '62.##2.62.63':80
- '91.##5.221.55':80
- '17#.#07.54.47':80
- '19#.#.234.47':80
- '18#.#30.32.47':80
- '37.##9.160.42':80
- '94.##8.74.43':80
- '17#.#8.11.54':80
- '10#.#6.192.55':80
- '77.##2.38.53':80
- '17#.#50.200.51':80
- '21#.#00.41.52':80
- '27.##3.125.154':80
- '46.##8.91.158':80
- '89.##2.38.151':80
- '93.##.99.148':80
- '31.##2.199.149':80
- '5.###.239.159':80
- 'localhost':1079
- '19#.#14.149.159':80
- '46.##8.41.159':80
- '89.##9.109.159':80
- '15#.#24.242.146':80
- '17#.#03.22.136':80
- '17#.#29.152.136':80
- '14.##.217.135':80
- '46.##1.219.134':80
- '46.##0.81.135':80
- '94.##1.26.145':80
- '15#.#.54.145':80
- '5.###.147.142':80
- '11#.#63.4.137':80
- '18#.#.141.139':80
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'