Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\їмЅЭЙПНш.lnk
Malicious functions:
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system :
Creates the following files:
- %ALLUSERSPROFILE%\Start Menu\Programs\Internet Explorer.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\ВМЙ«дЇААЖч.lnk
- %ALLUSERSPROFILE%\Start Menu\Internet Explorer.lnk
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\ПµНіПВФШ.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\СФЗйРЎЛµ.url
- %ALLUSERSPROFILE%\Desktop\Жф¶Ї Internet Explorer дЇААЖч.lnk
- %TEMP%\nss3.tmp\System.dll
- %TEMP%\nss3.tmp\ButtonLinker.dll
- %TEMP%\nss3.tmp\InstallOptions.dll
- %TEMP%\nss3.tmp\BrandingURL.dll
- %TEMP%\nss3.tmp\ioSpecial.ini
- %TEMP%\nss3.tmp\modern-wizard.bmp
- %TEMP%\nss3.tmp\modern-header.bmp
- %ALLUSERSPROFILE%\Favorites\PSPУОП·ПВФШ.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\PSPУОП·ПВФШ.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\ФЪПЯРЎУОП·.url
- %ALLUSERSPROFILE%\Favorites\ФЪПЯРЎУОП·.url
- %TEMP%\nsn2.tmp
- %PROGRAM_FILES%\їмЅЭЙПНш.lnk
- C:\їмЅЭЙПНш.lnk
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\ИЛМеКУЖµ.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\ФЪПЯµзУ°.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\ДР»¶Е®°®.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\їЄРДУОП·ВЫМі.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\К±ЙРЕ®ИЛНш.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\µзКУЦ±ІҐНш.url
- %ALLUSERSPROFILE%\Favorites\ѕ«Ж·КХІШ\ЛСНшФЪПЯ.url
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'