Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\notepad.exe <Current directory>\opencrs.txt
Modifies file system :
Creates the following files:
- <Current directory>\opencrs.txt
- %APPDATA%\cookie.tmp
Moves itself:
- from <Full path to virus> to %WINDIR%\SET5.tmp
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''