Technical Information (registry values, file-system paths, process names and a window class recorded for this entry)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System' = '<SYSTEM32>\1033\Microsoft\Drivers\System.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Services' = '<SYSTEM32>\1033\Microsoft\Drivers\CSRSS.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Idle Process' = '%WINDIR%\SMSS.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Yahoo! Messenger Pager' = '<SYSTEM32>\1033\Microsoft\Drivers\Home Video.exe'
- [<HKLM>\SOFTWARE\Classes\.cmd] '' = 'regfile'
- [<HKLM>\SOFTWARE\Classes\.com] '' = 'regfile'
- [<HKLM>\SOFTWARE\Classes\.bat] '' = 'regfile'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\LSASS.EXE
- <Drive name for removable media>:\Home Video.avi.exe
- <Drive name for removable media>:\CSRSS.exe
- <Drive name for removable media>:\autorun.inf
- hidden files
- file extensions
- Command Prompt (CMD)
- ekrn.exe
- AVPM.EXE
- AVP.EXE
- [<HKCU>\Software\Microsoft\Internet Explorer\Main] 'Window Title' = 'Ahsan Manan Khan Bhutta * Internet Explorer *'
- C:\autorun.inf
- %WINDIR%\SMSS.EXE
- C:\Home Video.avi.exe
- C:\CSRSS.exe
- <SYSTEM32>\1033\Microsoft\Drivers\CSRSS.exe
- <SYSTEM32>\1033\Microsoft\Drivers\autorun.inf
- <SYSTEM32>\1033\Microsoft\Drivers\Home Video.exe
- <SYSTEM32>\1033\Microsoft\Drivers\System.exe
- C:\CSRSS.exe
- C:\autorun.inf
- <Drive name for removable media>:\CSRSS.exe
- <Drive name for removable media>:\autorun.inf
- %WINDIR%\SMSS.EXE
- <SYSTEM32>\1033\Microsoft\Drivers\CSRSS.exe
- <SYSTEM32>\1033\Microsoft\Drivers\System.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\LSASS.EXE
- <SYSTEM32>\1033\Microsoft\Drivers\autorun.inf
- <Drive name for removable media>:\autorun.inf
- C:\autorun.inf
- ClassName: 'Shell_TrayWnd' WindowName: ''