Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Weather' = '%PROGRAM_FILES%\AWS\WeatherBug\Weather.EXE 1'
- '%PROGRAM_FILES%\AWS\WeatherBug\mbc.exe'
- '%PROGRAM_FILES%\AWS\WeatherBug\Weather.exe'
- '%TEMP%\GLB1.tmp' 4736 <Full path to virus>
- '%WINDIR%\explorer.exe'
- %WINDIR%\explorer.exe
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002e.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002d.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002c.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0031.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0030.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002f.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002b.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0027.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0026.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0025.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002a.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0029.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0028.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0032.TMP
- %ALLUSERSPROFILE%\Start Menu\Programs\WeatherBug\WeatherBug Uninstall .lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\WeatherBug\Run WeatherBug.lnk
- %ALLUSERSPROFILE%\Start Menu\WeatherBug.lnk
- %PROGRAM_FILES%\AWS\WeatherBug\INSTALL.LOG
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH003c.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH003b.TMP
- %ALLUSERSPROFILE%\Desktop\WeatherBug.lnk
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0035.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0034.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0033.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0038.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0037.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0036.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0024.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0004.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0003.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0002.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0007.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\temp.000
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0005.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0001.TMP
- %TEMP%\GLK3.tmp
- %TEMP%\GLC2.tmp
- %TEMP%\GLB1.tmp
- %TEMP%\~GLH0000.TMP
- %TEMP%\GLG6.tmp
- %TEMP%\GLM4.tmp
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0009.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH001d.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH001b.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0019.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0023.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0021.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH001f.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0017.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH000f.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH000d.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH000b.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0015.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0013.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0011.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0021.TMP
- %TEMP%\GLG6.tmp
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH001f.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH001b.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH001d.TMP
- %TEMP%\GLK3.tmp
- %TEMP%\GLB1.tmp
- %PROGRAM_FILES%\AWS\WeatherBug\mbc.exe
- %TEMP%\GLC2.tmp
- %TEMP%\GLM4.tmp
- %TEMP%\GLF7.tmp
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH000b.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH000d.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0009.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0005.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0007.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH000f.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0017.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0019.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0015.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0011.TMP
- %PROGRAM_FILES%\AWS\WeatherBug\~GLH0013.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0027.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\bot_failed2.html
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0026.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\bot_default.html
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0025.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\alert_failed.html
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0028.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\Bot_loading.gif
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002b.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\wxbuglogo_hor.gif
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002a.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\center_failed.html
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0029.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\bot_loading.html
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0020.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxutil.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0020.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH001e.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxreg.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0022.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0024.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\Background60.jpg
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0023.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\1px.gif
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0022.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxweb.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002c.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\center_loading.html
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0036.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\WxWindow_loading.html
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0035.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\WxWindow_failed.html
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0034.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\WxBug.gif
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0037.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\WxWindow_noconnection.gif
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH003c.TMP to %PROGRAM_FILES%\AWS\WeatherBug\mbc.exe
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH003b.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxbug.ico
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0038.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\MiniReg.jpg
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002f.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\skinmask60.bmp
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002e.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\LeftNavbar60.JPG
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH002d.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\def_bot.gif
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0030.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\TopNavbar60.JPG
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0033.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\weather_window_loading.gif
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0032.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\WBug_Loading.gif
- from %PROGRAM_FILES%\AWS\WeatherBug\Local\~GLH0031.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Local\vssver.scc
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH001e.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH000a.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0008.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Lfcmp10n.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0008.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH000a.TMP to %PROGRAM_FILES%\AWS\WeatherBug\lfimg10N.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH000e.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH000c.TMP to %PROGRAM_FILES%\AWS\WeatherBug\LTDIS10N.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH000c.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0002.TMP to %PROGRAM_FILES%\AWS\WeatherBug\bground.jpg
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0001.TMP to %PROGRAM_FILES%\AWS\WeatherBug\download.txt
- from %TEMP%\~GLH0000.TMP to %TEMP%\GLF7.tmp
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0003.TMP to %PROGRAM_FILES%\AWS\WeatherBug\UNWISE.EXE
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0006.TMP to %PROGRAM_FILES%\AWS\WeatherBug\Weather.exe
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0006.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0004.TMP to %PROGRAM_FILES%\AWS\WeatherBug\REMOVE.EXE
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH000e.TMP to %PROGRAM_FILES%\AWS\WeatherBug\ltfil10N.DLL
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0018.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxlocm.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0018.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0016.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxinstw.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH001a.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH001c.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxproa.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH001c.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH001a.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxpref.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0012.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0010.TMP to %PROGRAM_FILES%\AWS\WeatherBug\ltkrn10N.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0010.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0012.TMP to %PROGRAM_FILES%\AWS\WeatherBug\lfbmp10N.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0016.TMP
- from %PROGRAM_FILES%\AWS\WeatherBug\~GLH0014.TMP to %PROGRAM_FILES%\AWS\WeatherBug\wxdist.dll
- from %PROGRAM_FILES%\AWS\WeatherBug\temp.000 to %PROGRAM_FILES%\AWS\WeatherBug\~GLH0014.TMP
- 'co#####.weatherbug.com':80
- 'is#####.weatherbug.com':80
- is#####.weatherbug.com/WxDataIsapi/WxDataIsapi.cgi?Ge#############################################################################################
- co#####.weatherbug.com/connection/connectionv6.05.htm?t=#####
- is#####.weatherbug.com/WxDataIsapi/WxDataIsapi.cgi?Ge##############################################################################################
- DNS ASK co#####.weatherbug.com
- DNS ASK is#####.weatherbug.com
- ClassName: 'WeatherBugClass' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'MiniBugClass' WindowName: '(null)'