Technical Information
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '<Full path to virus>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'run' = ' <Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe, <Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Antivirus' = '<Full path to virus>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Antivirus' = '<Full path to virus>'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = ' <Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Windows Antivirus' = '<Full path to virus>'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\ezbi-1o6.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC.tmp" "%TEMP%\vbcB.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\oksmcmcm.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA.tmp" "%TEMP%\vbc9.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\nesvdtip.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES10.tmp" "%TEMP%\vbcF.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\cus0h8va.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE.tmp" "%TEMP%\vbcD.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\ncwzgwof.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4.tmp" "%TEMP%\vbc3.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\5biwyli3.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\vxr_vsr6.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES8.tmp" "%TEMP%\vbc7.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\oet1vpiw.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6.tmp" "%TEMP%\vbc5.tmp"
- %TEMP%\ezbi-1o6.out
- %TEMP%\ezbi-1o6.cmdline
- %TEMP%\ezbi-1o6.0.vb
- %TEMP%\ezbi-1o6.dll
- %TEMP%\RESC.tmp
- %TEMP%\vbcB.tmp
- %TEMP%\oksmcmcm.out
- %TEMP%\oksmcmcm.cmdline
- %TEMP%\oksmcmcm.0.vb
- %TEMP%\oksmcmcm.dll
- %TEMP%\RESA.tmp
- %TEMP%\vbc9.tmp
- %TEMP%\nesvdtip.out
- %TEMP%\nesvdtip.cmdline
- %TEMP%\nesvdtip.0.vb
- %TEMP%\nesvdtip.dll
- %TEMP%\RES10.tmp
- %TEMP%\vbcF.tmp
- %TEMP%\cus0h8va.out
- %TEMP%\cus0h8va.cmdline
- %TEMP%\cus0h8va.0.vb
- %TEMP%\cus0h8va.dll
- %TEMP%\RESE.tmp
- %TEMP%\vbcD.tmp
- %TEMP%\ncwzgwof.out
- %TEMP%\ncwzgwof.cmdline
- %TEMP%\ncwzgwof.0.vb
- %TEMP%\ncwzgwof.dll
- %TEMP%\RES4.tmp
- %TEMP%\vbc3.tmp
- %TEMP%\5biwyli3.out
- %TEMP%\5biwyli3.cmdline
- %TEMP%\5biwyli3.0.vb
- %TEMP%\5biwyli3.dll
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- %TEMP%\vxr_vsr6.out
- %TEMP%\vxr_vsr6.cmdline
- %TEMP%\vxr_vsr6.0.vb
- %TEMP%\vxr_vsr6.dll
- %TEMP%\RES8.tmp
- %TEMP%\vbc7.tmp
- %TEMP%\oet1vpiw.out
- %TEMP%\oet1vpiw.cmdline
- %TEMP%\oet1vpiw.0.vb
- %TEMP%\oet1vpiw.dll
- %TEMP%\RES6.tmp
- %TEMP%\vbc5.tmp
- %TEMP%\ezbi-1o6.dll
- %TEMP%\vbcB.tmp
- %TEMP%\RESC.tmp
- %TEMP%\ezbi-1o6.cmdline
- %TEMP%\ezbi-1o6.0.vb
- %TEMP%\ezbi-1o6.out
- %TEMP%\oksmcmcm.cmdline
- %TEMP%\vbc9.tmp
- %TEMP%\RESA.tmp
- %TEMP%\oksmcmcm.out
- %TEMP%\oksmcmcm.dll
- %TEMP%\oksmcmcm.0.vb
- %TEMP%\nesvdtip.cmdline
- %TEMP%\vbcF.tmp
- %TEMP%\RES10.tmp
- %TEMP%\nesvdtip.dll
- %TEMP%\nesvdtip.0.vb
- %TEMP%\nesvdtip.out
- %TEMP%\cus0h8va.cmdline
- %TEMP%\vbcD.tmp
- %TEMP%\RESE.tmp
- %TEMP%\cus0h8va.0.vb
- %TEMP%\cus0h8va.dll
- %TEMP%\cus0h8va.out
- %TEMP%\ncwzgwof.dll
- %TEMP%\vbc3.tmp
- %TEMP%\RES4.tmp
- %TEMP%\ncwzgwof.cmdline
- %TEMP%\ncwzgwof.0.vb
- %TEMP%\ncwzgwof.out
- %TEMP%\5biwyli3.cmdline
- %TEMP%\vbc1.tmp
- %TEMP%\RES2.tmp
- %TEMP%\5biwyli3.out
- %TEMP%\5biwyli3.0.vb
- %TEMP%\5biwyli3.dll
- %TEMP%\vxr_vsr6.0.vb
- %TEMP%\vbc7.tmp
- %TEMP%\RES8.tmp
- %TEMP%\vxr_vsr6.out
- %TEMP%\vxr_vsr6.dll
- %TEMP%\vxr_vsr6.cmdline
- %TEMP%\oet1vpiw.cmdline
- %TEMP%\vbc5.tmp
- %TEMP%\RES6.tmp
- %TEMP%\oet1vpiw.dll
- %TEMP%\oet1vpiw.out
- %TEMP%\oet1vpiw.0.vb
- '85.##7.220.130':6697
- ClassName: 'Indicator' WindowName: ''