Technical Information
Malicious functions:
Executes the following:
- %WINDIR%\regedit.exe /s C:\1.reg
Modifies file system:
Creates the following files:
- %TEMP%\111765_res.tmp
- %PROGRAM_FILES%\Internet Explorer\carss.exe
Moves itself:
- from <Full path to virus> to %PROGRAM_FILES%\tmp.tmp
Miscellaneous:
Searches for the following windows:
- ClassName: 'RegEdit_RegEdit' WindowName: ''