Technical Information
To ensure autorun and distribution:
Creates the following services:
- [<HKLM>\SYSTEM\ControlSet001\Services\xmlprov] 'Start' = '00000002'
Substitutes the following executable system files:
- <SYSTEM32>\xmlprov.dll with <SYSTEM32>\xmlprov.dll
Modifies file system:
Creates the following files:
- <SYSTEM32>\dllcache\xmlprov.dll
- %WINDIR%\wi111468nd.temp
Deletes the following files:
- %PROGRAM_FILES%\Internet Explorer\file.tmp
Moves the following system files:
- from <SYSTEM32>\xmlprov.dll to %WINDIR%\xmlprov.dll
Deletes itself.
Network activity:
Connects to:
- 'm5##.3322.org':3468
UDP:
- DNS ASK m5##.3322.org