Technical Information
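Registry autorun entries (Run key values, launched at every logon). Both point to files named after genuine Windows processes but located in %WINDIR%\img32 rather than <SYSTEM32>:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Mail32' = '%WINDIR%\img32\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Mail' = '%WINDIR%\img32\csrss.exe'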
- hidden files
- %WINDIR%\misi.exe
- %WINDIR%\taskmgr.exe
- %WINDIR%\img32\services.exe
- %TEMP%\Compress0\rij12.exe
- %WINDIR%\img32\csrss.exe
Command lines (cacls.exe with /G Everyone:f grants the Everyone group full control; without /E the existing ACL is replaced rather than edited):
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\Common /G Everyone:f
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\*.* /G Everyone:f
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\Common\*.* /G Everyone:f
- <SYSTEM32>\cacls.exe %WINDIR%\img32 /G Everyone:f
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\Common\ /G Everyone:f
- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories /G Everyone:f
- [<HKCU>\Software\Microsoft\MessengerService]
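File system paths (the action taken on each is not stated on this page; several repeat earlier entries):
- %TEMP%\Compress0\wsdll32.exe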
- %TEMP%\Compress0\winsyst32.exe
- %TEMP%\Compress0\ushost.dll
- %TEMP%\Compress0\ziplog.txt
- %WINDIR%\taskmgr.exe
- %WINDIR%\img32\csrss.exe
- %WINDIR%\img32\services.exe
- %TEMP%\Compress0\services.exe
- %TEMP%\Compress0\seek.dll
- %TEMP%\Compress0\scloc.dll
- %TEMP%\Compress0\taskmgr.exe
- %TEMP%\Compress0\user.dll
- %TEMP%\Compress0\unir.exe
- %TEMP%\Compress0\unin.dll
- %WINDIR%\msim32.exe
- %PROGRAM_FILES%\Accessories\Common\desktop.ini
- <SYSTEM32>\ANSMTP.dll
- %PROGRAM_FILES%\Accessories\Common\OnlineTime.txt
- %PROGRAM_FILES%\Accessories\Common\ChatRoom.txt
- %PROGRAM_FILES%\Accessories\Common\WebsitesDetail.txt
- %PROGRAM_FILES%\Accessories\Common\WebsitesSummary.txt
- %WINDIR%\DCom.exe
- %WINDIR%\refsdm.dll
- %WINDIR%\auto32.exe
- %WINDIR%\misi.exe
- <SYSTEM32>\MSWINSCK.OCX
- %WINDIR%\ijl11.dll
- %WINDIR%\ziplog.txt
- %TEMP%\Compress0\mail.dll
- %TEMP%\Compress0\inuser.dll
- %TEMP%\Compress0\inmsg.dll
- %TEMP%\Compress0\mailkl.dll
- %TEMP%\Compress0\MSWINSCK.OCX
- %TEMP%\Compress0\Mscomm.exe
- %TEMP%\Compress0\mailsc.dll
- %TEMP%\Compress0\ase.dll
- %TEMP%\Compress0\ANSMTP.dll
- %TEMP%\nso2.tmp
- %TEMP%\Compress0\delkl.dll
- %TEMP%\Compress0\ijl11.dll
- %TEMP%\Compress0\dunin.dll
- %TEMP%\Compress0\dete.dll
- %TEMP%\Compress0\oem.dll
- %TEMP%\Compress0\sccle.dll
- %TEMP%\Compress0\scan.dll
- %TEMP%\Compress0\rvhost.dll
- %TEMP%\Compress0\scday.dll
- %TEMP%\Compress0\scint2.dll
- %TEMP%\Compress0\scint.dll
- %TEMP%\Compress0\scen.dll
- %TEMP%\Compress0\picture.dll
- %TEMP%\Compress0\Picture 012.jpg
- %TEMP%\Compress0\outlook.exe
- %TEMP%\Compress0\port.dll
- %TEMP%\Compress0\rij12.exe
- %TEMP%\Compress0\refsdm.dll
- %TEMP%\Compress0\pwhost.dll
- %TEMP%\~DF8FD8.tmp
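Network endpoint, address and port (the '#' appears to mask one digit of the address in the source report; the protocol is not stated):
- '69.#6.18.49':12001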
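Window class names referenced, with empty window titles (Shell_TrayWnd is the class of the Windows taskbar):
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''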