Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows_Optimizer] 'Start' = '00000002'
- '%PROGRAM_FILES%\Windows Movie Maker\optimizer-setup.exe' /VERYSILENT /SP-
- '%PROGRAM_FILES%\Windows Movie Maker\zcode.exe'
- '%TEMP%\is-NLA1H.tmp\optimizer-setup.tmp' /SL5="$400E6,1313320,54272,%PROGRAM_FILES%\Windows Movie Maker\optimizer-setup.exe" /VERYSILENT /SP-
- '%PROGRAM_FILES%\Windows Optimizer\optimizer.exe'
- '%PROGRAM_FILES%\Windows Optimizer\system_shell.exe' "reg" "mex"
- '%TEMP%\is-FD54E.tmp\<Virus name>.tmp' /SL5="$30094,7869920,54272,<Full path to virus>" /VERYSILENT /SP-
- '%TEMP%\is-HDLJ0.tmp\<Virus name>.tmp' /SL5="$30092,7869920,54272,<Full path to virus>"
- '%PROGRAM_FILES%\Windows Movie Maker\optimizer-setup.exe'
- '%TEMP%\is-RJKHJ.tmp\optimizer-setup.tmp' /SL5="$500E0,1313320,54272,%PROGRAM_FILES%\Windows Movie Maker\optimizer-setup.exe"
- '%PROGRAM_FILES%\Windows Movie Maker\solidloader.exe'
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\framework.ocx"
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-NA3NA.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-SIQII.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-9KQBU.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-N9PS4.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-TTGR1.tmp
- %PROGRAM_FILES%\Windows Movie Maker\MUI\0409\is-5ON65.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\Windows Movie Maker\Windows Movie Maker.lnk
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-FMS6J.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\Profiles\is-HI96L.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-19POI.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-KHAVG.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-R0268.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-84JKE.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-8L5TC.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-79APH.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-SRT6I.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-52CR0.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-MMOOC.tmp
- %TEMP%\is-VT9JU.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\Windows Optimizer\is-61GE6.tmp
- %TEMP%\is-NLA1H.tmp\optimizer-setup.tmp
- %TEMP%\is-VT9JU.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\Windows Optimizer\is-ID83I.tmp
- %ALLUSERSPROFILE%\Documents\Optimizer\load_config.ini
- %ALLUSERSPROFILE%\Documents\Optimizer\log.ini
- %PROGRAM_FILES%\Windows Optimizer\is-0JI9P.tmp
- %PROGRAM_FILES%\Windows Optimizer\is-SGGH4.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\Windows Movie Maker\Windows Movie Maker on the Web.url
- %ALLUSERSPROFILE%\Start Menu\Programs\Windows Movie Maker\Uninstall Windows Movie Maker.lnk
- %ALLUSERSPROFILE%\Desktop\Windows Movie Maker.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Windows Movie Maker.lnk
- %PROGRAM_FILES%\Windows Movie Maker\unins000.dat
- %TEMP%\is-BJOU1.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-BJOU1.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-RJKHJ.tmp\optimizer-setup.tmp
- %ALLUSERSPROFILE%\Documents\SolidLoader\load_config.ini
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-6LUVF.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-OII9J.tmp
- %APPDATA%\solidloader\is-F0PNL.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-43J7L.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-AI0ME.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-INK57.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-5SB8B.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-E38FJ.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-N7AD8.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-1LSAN.tmp
- %TEMP%\is-DN42N.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-DN42N.tmp\itdownload.dll
- %TEMP%\is-HDLJ0.tmp\<Virus name>.tmp
- %TEMP%\is-DN42N.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-FD54E.tmp\<Virus name>.tmp
- %TEMP%\is-D2ACO.tmp\itdownload.dll
- %TEMP%\is-D2ACO.tmp\check.xml
- %TEMP%\is-D2ACO.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-D2ACO.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\Windows Movie Maker\Shared\is-FD8F8.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\is-LKTBF.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\is-AHP1B.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\is-JIVQF.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\is-UCTTQ.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-A1T8G.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-DRDDV.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\is-BB1JN.tmp
- %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-H204F.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-LC9CH.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-T0SBJ.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-H1VK7.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-AGKCI.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-N2L33.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-9UOHS.tmp
- <SYSTEM32>\is-B1ELJ.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-MLQ5S.tmp
- %PROGRAM_FILES%\Windows Movie Maker\is-HUAM0.tmp
- %TEMP%\is-BJOU1.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-BJOU1.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-FD54E.tmp\<Virus name>.tmp
- %TEMP%\is-RJKHJ.tmp\optimizer-setup.tmp
- %TEMP%\is-NLA1H.tmp\optimizer-setup.tmp
- %TEMP%\is-VT9JU.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-VT9JU.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-D2ACO.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-DN42N.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-DN42N.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-DN42N.tmp\itdownload.dll
- %TEMP%\is-HDLJ0.tmp\<Virus name>.tmp
- %TEMP%\is-D2ACO.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-D2ACO.tmp\itdownload.dll
- %TEMP%\is-D2ACO.tmp\check.xml
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-52CR0.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4j.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-8L5TC.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4i.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-KHAVG.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4h.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-SRT6I.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4m.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-79APH.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4l.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-MMOOC.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4k.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-6LUVF.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4d.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-DRDDV.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4c.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-A1T8G.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4b.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-19POI.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4g.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-84JKE.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4f.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-R0268.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4e.jpg
- from %PROGRAM_FILES%\Windows Optimizer\is-61GE6.tmp to %PROGRAM_FILES%\Windows Optimizer\optimizer.exe
- from %PROGRAM_FILES%\Windows Movie Maker\MUI\0409\is-5ON65.tmp to %PROGRAM_FILES%\Windows Movie Maker\MUI\0409\moviemk.chm
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\Profiles\is-HI96L.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\Profiles\Blank.txt
- from %PROGRAM_FILES%\Windows Optimizer\is-SGGH4.tmp to %PROGRAM_FILES%\Windows Optimizer\load_config.ini
- from %PROGRAM_FILES%\Windows Optimizer\is-0JI9P.tmp to %PROGRAM_FILES%\Windows Optimizer\iehelper.exe
- from %PROGRAM_FILES%\Windows Optimizer\is-ID83I.tmp to %PROGRAM_FILES%\Windows Optimizer\system_shell.exe
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-NA3NA.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\colorfades.xml
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-N9PS4.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4o.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-9KQBU.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4n.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-FMS6J.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\wmtfxtransitions.xml
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-TTGR1.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\rehansplit.xml
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-SIQII.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\effects.xml
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\is-H204F.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\AddOnTFX\BFXset4a.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\is-E38FJ.tmp to %PROGRAM_FILES%\Windows Movie Maker\WMM2ERES.dll
- from %PROGRAM_FILES%\Windows Movie Maker\is-5SB8B.tmp to %PROGRAM_FILES%\Windows Movie Maker\WMM2AE.dll
- from %PROGRAM_FILES%\Windows Movie Maker\is-1LSAN.tmp to %PROGRAM_FILES%\Windows Movie Maker\Transitions.txt
- from %PROGRAM_FILES%\Windows Movie Maker\is-LC9CH.tmp to %PROGRAM_FILES%\Windows Movie Maker\WMM2FXA.dll
- from %PROGRAM_FILES%\Windows Movie Maker\is-AGKCI.tmp to %PROGRAM_FILES%\Windows Movie Maker\WMM2FILT.dll
- from %PROGRAM_FILES%\Windows Movie Maker\is-H1VK7.tmp to %PROGRAM_FILES%\Windows Movie Maker\WMM2EXT.dll
- from %PROGRAM_FILES%\Windows Movie Maker\is-OII9J.tmp to %PROGRAM_FILES%\Windows Movie Maker\solidloader.exe
- from %PROGRAM_FILES%\Windows Movie Maker\is-AI0ME.tmp to %PROGRAM_FILES%\Windows Movie Maker\load_config.ini
- from %PROGRAM_FILES%\Windows Movie Maker\is-43J7L.tmp to %PROGRAM_FILES%\Windows Movie Maker\unins000.exe
- from %PROGRAM_FILES%\Windows Movie Maker\is-N7AD8.tmp to %PROGRAM_FILES%\Windows Movie Maker\style.cjstyles
- from %PROGRAM_FILES%\Windows Movie Maker\is-INK57.tmp to %PROGRAM_FILES%\Windows Movie Maker\optimizer-setup.exe
- from %APPDATA%\solidloader\is-F0PNL.tmp to %APPDATA%\solidloader\load_config.ini
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\is-FD8F8.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\news.png
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\is-JIVQF.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\Filters.xml
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\is-AHP1B.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\Empty.txt
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\is-BB1JN.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\Sample2.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\is-UCTTQ.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\Sample1.jpg
- from %PROGRAM_FILES%\Windows Movie Maker\Shared\is-LKTBF.tmp to %PROGRAM_FILES%\Windows Movie Maker\Shared\paint.png
- from %PROGRAM_FILES%\Windows Movie Maker\is-MLQ5S.tmp to %PROGRAM_FILES%\Windows Movie Maker\WMM2RES2.dll
- from %PROGRAM_FILES%\Windows Movie Maker\is-N2L33.tmp to %PROGRAM_FILES%\Windows Movie Maker\WMM2RES.dll
- from %PROGRAM_FILES%\Windows Movie Maker\is-T0SBJ.tmp to %PROGRAM_FILES%\Windows Movie Maker\WMM2FXB.dll
- from <SYSTEM32>\is-B1ELJ.tmp to <SYSTEM32>\framework.ocx
- from %PROGRAM_FILES%\Windows Movie Maker\is-9UOHS.tmp to %PROGRAM_FILES%\Windows Movie Maker\license-win.txt
- from %PROGRAM_FILES%\Windows Movie Maker\is-HUAM0.tmp to %PROGRAM_FILES%\Windows Movie Maker\zcode.exe
- 'ap#.###videosoft.com':80
- 'in######r.filebulldog.com':80
- ap#.###videosoft.com/api_ajax.ashx?ac#####################################################################################
- ap#.###videosoft.com/api_ajax.ashx?cl############################################################################################
- in######r.filebulldog.com/binno/get_pre_offering_checks?ui############################################################################################
- ap#.###videosoft.com/api_ajax.ashx?cl#########################################################################################################################
- DNS ASK ap#.###videosoft.com
- DNS ASK in######r.filebulldog.com
- ClassName: 'MovieMakerWndClass' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'