Technical Information
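Autorun entries (values under the Run key are launched at every logon; the value name 'dllhost' matches a legitimate Windows process name, but its data points to a path outside the Windows directory):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winadmin' = '%ALLUSERSPROFILE%\Application Data\mWord13.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dllhost' = 'E:\main154\mWord12.exe'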
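Files on removable media (virus1.bat through virus100.bat plus main154\mWord12.exe, listed in the report's original order):
- <Drive name for removable media>:\virus67.bat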
- <Drive name for removable media>:\virus68.bat
- <Drive name for removable media>:\virus69.bat
- <Drive name for removable media>:\virus64.bat
- <Drive name for removable media>:\virus65.bat
- <Drive name for removable media>:\virus66.bat
- <Drive name for removable media>:\virus73.bat
- <Drive name for removable media>:\virus74.bat
- <Drive name for removable media>:\virus75.bat
- <Drive name for removable media>:\virus70.bat
- <Drive name for removable media>:\virus71.bat
- <Drive name for removable media>:\virus72.bat
- <Drive name for removable media>:\virus63.bat
- <Drive name for removable media>:\virus54.bat
- <Drive name for removable media>:\virus55.bat
- <Drive name for removable media>:\virus56.bat
- <Drive name for removable media>:\virus51.bat
- <Drive name for removable media>:\virus52.bat
- <Drive name for removable media>:\virus53.bat
- <Drive name for removable media>:\virus60.bat
- <Drive name for removable media>:\virus61.bat
- <Drive name for removable media>:\virus62.bat
- <Drive name for removable media>:\virus57.bat
- <Drive name for removable media>:\virus58.bat
- <Drive name for removable media>:\virus59.bat
- <Drive name for removable media>:\virus92.bat
- <Drive name for removable media>:\virus93.bat
- <Drive name for removable media>:\virus94.bat
- <Drive name for removable media>:\virus89.bat
- <Drive name for removable media>:\virus90.bat
- <Drive name for removable media>:\virus91.bat
- <Drive name for removable media>:\virus98.bat
- <Drive name for removable media>:\virus99.bat
- <Drive name for removable media>:\virus100.bat
- <Drive name for removable media>:\virus95.bat
- <Drive name for removable media>:\virus96.bat
- <Drive name for removable media>:\virus97.bat
- <Drive name for removable media>:\virus88.bat
- <Drive name for removable media>:\virus79.bat
- <Drive name for removable media>:\virus80.bat
- <Drive name for removable media>:\virus81.bat
- <Drive name for removable media>:\virus76.bat
- <Drive name for removable media>:\virus77.bat
- <Drive name for removable media>:\virus78.bat
- <Drive name for removable media>:\virus85.bat
- <Drive name for removable media>:\virus86.bat
- <Drive name for removable media>:\virus87.bat
- <Drive name for removable media>:\virus82.bat
- <Drive name for removable media>:\virus83.bat
- <Drive name for removable media>:\virus84.bat
- <Drive name for removable media>:\virus50.bat
- <Drive name for removable media>:\virus16.bat
- <Drive name for removable media>:\virus17.bat
- <Drive name for removable media>:\virus18.bat
- <Drive name for removable media>:\virus13.bat
- <Drive name for removable media>:\virus14.bat
- <Drive name for removable media>:\virus15.bat
- <Drive name for removable media>:\virus22.bat
- <Drive name for removable media>:\virus23.bat
- <Drive name for removable media>:\virus24.bat
- <Drive name for removable media>:\virus19.bat
- <Drive name for removable media>:\virus20.bat
- <Drive name for removable media>:\virus21.bat
- <Drive name for removable media>:\virus12.bat
- <Drive name for removable media>:\virus3.bat
- <Drive name for removable media>:\virus4.bat
- <Drive name for removable media>:\virus5.bat
- <Drive name for removable media>:\main154\mWord12.exe
- <Drive name for removable media>:\virus1.bat
- <Drive name for removable media>:\virus2.bat
- <Drive name for removable media>:\virus9.bat
- <Drive name for removable media>:\virus10.bat
- <Drive name for removable media>:\virus11.bat
- <Drive name for removable media>:\virus6.bat
- <Drive name for removable media>:\virus7.bat
- <Drive name for removable media>:\virus8.bat
- <Drive name for removable media>:\virus41.bat
- <Drive name for removable media>:\virus42.bat
- <Drive name for removable media>:\virus43.bat
- <Drive name for removable media>:\virus38.bat
- <Drive name for removable media>:\virus39.bat
- <Drive name for removable media>:\virus40.bat
- <Drive name for removable media>:\virus47.bat
- <Drive name for removable media>:\virus48.bat
- <Drive name for removable media>:\virus49.bat
- <Drive name for removable media>:\virus44.bat
- <Drive name for removable media>:\virus45.bat
- <Drive name for removable media>:\virus46.bat
- <Drive name for removable media>:\virus37.bat
- <Drive name for removable media>:\virus28.bat
- <Drive name for removable media>:\virus29.bat
- <Drive name for removable media>:\virus30.bat
- <Drive name for removable media>:\virus25.bat
- <Drive name for removable media>:\virus26.bat
- <Drive name for removable media>:\virus27.bat
- <Drive name for removable media>:\virus34.bat
- <Drive name for removable media>:\virus35.bat
- <Drive name for removable media>:\virus36.bat
- <Drive name for removable media>:\virus31.bat
- <Drive name for removable media>:\virus32.bat
- <Drive name for removable media>:\virus33.bat
Windows Firewall setting (EnableFirewall = 0 turns the firewall off for the standard profile):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
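System utilities affected (the heading for this list is missing from the extract; presumably these are the tools the sample prevents from running):
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)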
Command executed (force-terminates rstrui.exe, the System Restore utility, by image name):
- '<SYSTEM32>\taskkill.exe' /f /im rstrui.exe
Explorer policy values that restrict the shell (the Start menu program list, search, desktop icons, the context menu, shutdown, the Run dialog, Folder Options and Control Panel are disabled or hidden; NoDrives = 4 is a bitmask that hides drive C:):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] 'NoStartMenuMorePrograms' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] 'NoFind' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDesktop' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewContextMenu' = '{01,00,00,00}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] 'NoClose' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] 'NoRun' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] 'NoDrives' = '00000004'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] 'NoFolderOptions' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] 'NoControlPanel' = '00000001'
- %ALLUSERSPROFILE%\Application Data\mWord13.exe
- <Full path to virus>
- %ALLUSERSPROFILE%\Application Data\mWord13.exe
- <Drive name for removable media>:\main154\mWord12.exe
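File system entries under %WINDIR% (the heading saying whether these files are created, modified or deleted is missing from the extract; the $NtUninstall...$ folders normally hold Windows update uninstall backups, so confirm the operation against the original report before using these paths as indicators):
- %WINDIR%\$NtUninstallKB942288-v3$\reg00089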
- %WINDIR%\$NtUninstallKB942288-v3$\reg00090
- %WINDIR%\$NtUninstallKB942288-v3$\reg00091
- %WINDIR%\$NtUninstallKB942288-v3$\reg00088
- %WINDIR%\$NtUninstallKB942288-v3$\reg00085
- %WINDIR%\$NtUninstallKB942288-v3$\reg00086
- %WINDIR%\$NtUninstallKB942288-v3$\reg00087
- %WINDIR%\$NtUninstallKB942288-v3$\reg00096
- %WINDIR%\$NtUninstallKB942288-v3$\reg00097
- %WINDIR%\$NtUninstallKB942288-v3$\reg00098
- %WINDIR%\$NtUninstallKB942288-v3$\reg00095
- %WINDIR%\$NtUninstallKB942288-v3$\reg00092
- %WINDIR%\$NtUninstallKB942288-v3$\reg00093
- %WINDIR%\$NtUninstallKB942288-v3$\reg00094
- %WINDIR%\$NtUninstallKB942288-v3$\reg00084
- %WINDIR%\$NtUninstallKB942288-v3$\reg00074
- %WINDIR%\$NtUninstallKB942288-v3$\reg00075
- %WINDIR%\$NtUninstallKB942288-v3$\reg00076
- %WINDIR%\$NtUninstallKB942288-v3$\reg00073
- %WINDIR%\$NtUninstallKB942288-v3$\reg00070
- %WINDIR%\$NtUninstallKB942288-v3$\reg00071
- %WINDIR%\$NtUninstallKB942288-v3$\reg00072
- %WINDIR%\$NtUninstallKB942288-v3$\reg00081
- %WINDIR%\$NtUninstallKB942288-v3$\reg00082
- %WINDIR%\$NtUninstallKB942288-v3$\reg00083
- %WINDIR%\$NtUninstallKB942288-v3$\reg00080
- %WINDIR%\$NtUninstallKB942288-v3$\reg00077
- %WINDIR%\$NtUninstallKB942288-v3$\reg00078
- %WINDIR%\$NtUninstallKB942288-v3$\reg00079
- %WINDIR%\$NtUninstallKB942288-v3$\spuninst\spuninst.exe
- %WINDIR%\$NtUninstallKB942288-v3$\spuninst\spuninst.inf
- %WINDIR%\$NtUninstallKB942288-v3$\spuninst\spuninst.txt
- %WINDIR%\$NtUninstallKB942288-v3$\reg00117
- %WINDIR%\$NtUninstallKB942288-v3$\reg00114
- %WINDIR%\$NtUninstallKB942288-v3$\reg00115
- %WINDIR%\$NtUninstallKB942288-v3$\reg00116
- %WINDIR%\$NtUninstallWIC$\spuninst\updspapi.dll
- %WINDIR%\0.log
- %WINDIR%\AppPatch\AcGenral.dll
- %WINDIR%\$NtUninstallWIC$\spuninst\spuninst.txt
- %WINDIR%\$NtUninstallKB942288-v3$\spuninst\updspapi.dll
- %WINDIR%\$NtUninstallWIC$\spuninst\spuninst.exe
- %WINDIR%\$NtUninstallWIC$\spuninst\spuninst.inf
- %WINDIR%\$NtUninstallKB942288-v3$\reg00113
- %WINDIR%\$NtUninstallKB942288-v3$\reg00103
- %WINDIR%\$NtUninstallKB942288-v3$\reg00104
- %WINDIR%\$NtUninstallKB942288-v3$\reg00105
- %WINDIR%\$NtUninstallKB942288-v3$\reg00102
- %WINDIR%\$NtUninstallKB942288-v3$\reg00099
- %WINDIR%\$NtUninstallKB942288-v3$\reg00100
- %WINDIR%\$NtUninstallKB942288-v3$\reg00101
- %WINDIR%\$NtUninstallKB942288-v3$\reg00110
- %WINDIR%\$NtUninstallKB942288-v3$\reg00111
- %WINDIR%\$NtUninstallKB942288-v3$\reg00112
- %WINDIR%\$NtUninstallKB942288-v3$\reg00109
- %WINDIR%\$NtUninstallKB942288-v3$\reg00106
- %WINDIR%\$NtUninstallKB942288-v3$\reg00107
- %WINDIR%\$NtUninstallKB942288-v3$\reg00108
- %WINDIR%\$NtUninstallKB942288-v3$\reg00069
- %WINDIR%\$NtUninstallKB942288-v3$\reg00027
- %WINDIR%\$NtUninstallKB942288-v3$\reg00028
- %WINDIR%\$NtUninstallKB942288-v3$\reg00029
- %WINDIR%\$NtUninstallKB942288-v3$\reg00026
- %WINDIR%\$NtUninstallKB942288-v3$\reg00023
- %WINDIR%\$NtUninstallKB942288-v3$\reg00024
- %WINDIR%\$NtUninstallKB942288-v3$\reg00025
- %WINDIR%\$NtUninstallKB942288-v3$\reg00034
- %WINDIR%\$NtUninstallKB942288-v3$\reg00035
- %WINDIR%\$NtUninstallKB942288-v3$\reg00036
- %WINDIR%\$NtUninstallKB942288-v3$\reg00033
- %WINDIR%\$NtUninstallKB942288-v3$\reg00030
- %WINDIR%\$NtUninstallKB942288-v3$\reg00031
- %WINDIR%\$NtUninstallKB942288-v3$\reg00032
- %WINDIR%\$NtUninstallKB942288-v3$\reg00022
- %WINDIR%\$NtUninstallKB942288-v3$\msisip.dll
- %WINDIR%\$NtUninstallKB942288-v3$\reg00013
- %WINDIR%\$NtUninstallKB942288-v3$\reg00014
- %WINDIR%\$NtUninstallKB942288-v3$\msimsg.dll
- %WINDIR%\$NtUninstallKB942288-v3$\msi.dll
- %WINDIR%\$NtUninstallKB942288-v3$\msiexec.exe
- %WINDIR%\$NtUninstallKB942288-v3$\msihnd.dll
- %WINDIR%\$NtUninstallKB942288-v3$\reg00019
- %WINDIR%\$NtUninstallKB942288-v3$\reg00020
- %WINDIR%\$NtUninstallKB942288-v3$\reg00021
- %WINDIR%\$NtUninstallKB942288-v3$\reg00018
- %WINDIR%\$NtUninstallKB942288-v3$\reg00015
- %WINDIR%\$NtUninstallKB942288-v3$\reg00016
- %WINDIR%\$NtUninstallKB942288-v3$\reg00017
- %WINDIR%\$NtUninstallKB942288-v3$\reg00059
- %WINDIR%\$NtUninstallKB942288-v3$\reg00060
- %WINDIR%\$NtUninstallKB942288-v3$\reg00061
- %WINDIR%\$NtUninstallKB942288-v3$\reg00058
- %WINDIR%\$NtUninstallKB942288-v3$\reg00055
- %WINDIR%\$NtUninstallKB942288-v3$\reg00056
- %WINDIR%\$NtUninstallKB942288-v3$\reg00057
- %WINDIR%\$NtUninstallKB942288-v3$\reg00066
- %WINDIR%\$NtUninstallKB942288-v3$\reg00067
- %WINDIR%\$NtUninstallKB942288-v3$\reg00068
- %WINDIR%\$NtUninstallKB942288-v3$\reg00065
- %WINDIR%\$NtUninstallKB942288-v3$\reg00062
- %WINDIR%\$NtUninstallKB942288-v3$\reg00063
- %WINDIR%\$NtUninstallKB942288-v3$\reg00064
- %WINDIR%\$NtUninstallKB942288-v3$\reg00054
- %WINDIR%\$NtUninstallKB942288-v3$\reg00042
- %WINDIR%\$NtUninstallKB942288-v3$\reg00043
- %WINDIR%\$NtUninstallKB942288-v3$\reg00044
- %WINDIR%\$NtUninstallKB942288-v3$\reg00041
- %WINDIR%\$NtUninstallKB942288-v3$\reg00037
- %WINDIR%\$NtUninstallKB942288-v3$\reg00039
- %WINDIR%\$NtUninstallKB942288-v3$\reg00040
- %WINDIR%\$NtUninstallKB942288-v3$\reg00049
- %WINDIR%\$NtUninstallKB942288-v3$\reg00052
- %WINDIR%\$NtUninstallKB942288-v3$\reg00053
- %WINDIR%\$NtUninstallKB942288-v3$\reg00048
- %WINDIR%\$NtUninstallKB942288-v3$\reg00045
- %WINDIR%\$NtUninstallKB942288-v3$\reg00046
- %WINDIR%\$NtUninstallKB942288-v3$\reg00047
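Window lookups by class and window name (the heading is missing from the extract; Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'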