Technical Information (indicator listing, in order: HKLM Run-key autostart entries, processes launched (ntvdm.exe with 16-bit interrupt switches, attrib.exe hiding the dropped %WINDIR%\system\49.exe), file paths under %WINDIR%\Temp and %WINDIR%\system listed twice (the second run appears to be a separate file-activity list, presumably deletions — verify against the full report), and window class/title lookups)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ProgramaInicia' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '49' = '%WINDIR%\System\49.exe'
- <SYSTEM32>\ntvdm.exe -f -i12
- <SYSTEM32>\ntvdm.exe -f -i13
- <SYSTEM32>\ntvdm.exe -f -i14
- <SYSTEM32>\ntvdm.exe -f -i11
- <SYSTEM32>\ntvdm.exe -f -if
- <SYSTEM32>\ntvdm.exe -f -i10
- <SYSTEM32>\attrib.exe +h +s %WINDIR%\system\49.exe
- <SYSTEM32>\ntvdm.exe -f -i19
- <SYSTEM32>\ntvdm.exe -f -i1a
- <SYSTEM32>\ntvdm.exe -f -i1b
- <SYSTEM32>\ntvdm.exe -f -i18
- <SYSTEM32>\ntvdm.exe -f -i15
- <SYSTEM32>\ntvdm.exe -f -i16
- <SYSTEM32>\ntvdm.exe -f -i17
- <SYSTEM32>\ntvdm.exe -f -i5
- <SYSTEM32>\ntvdm.exe -f -i6
- <SYSTEM32>\ntvdm.exe -f -i7
- <SYSTEM32>\ntvdm.exe -f -i4
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\ntvdm.exe -f -i2
- <SYSTEM32>\ntvdm.exe -f -i3
- <SYSTEM32>\ntvdm.exe -f -ic
- <SYSTEM32>\ntvdm.exe -f -id
- <SYSTEM32>\ntvdm.exe -f -ie
- <SYSTEM32>\ntvdm.exe -f -ib
- <SYSTEM32>\ntvdm.exe -f -i8
- <SYSTEM32>\ntvdm.exe -f -i9
- <SYSTEM32>\ntvdm.exe -f -ia
- %WINDIR%\Temp\scs1F.tmp
- %WINDIR%\Temp\scs1D.tmp
- %WINDIR%\Temp\scs1E.tmp
- %WINDIR%\Temp\scs21.tmp
- %WINDIR%\Temp\scs20.tmp
- %WINDIR%\Temp\scs1C.tmp
- %WINDIR%\Temp\scs18.tmp
- %WINDIR%\Temp\scs17.tmp
- %WINDIR%\Temp\scs19.tmp
- %WINDIR%\Temp\scs1B.tmp
- %WINDIR%\Temp\scs1A.tmp
- %WINDIR%\Temp\scs22.tmp
- %WINDIR%\Temp\scs2A.tmp
- %WINDIR%\Temp\scs29.tmp
- %WINDIR%\Temp\scs2B.tmp
- %WINDIR%\Temp\scs2D.tmp
- %WINDIR%\Temp\scs2C.tmp
- %WINDIR%\Temp\scs28.tmp
- %WINDIR%\Temp\scs24.tmp
- %WINDIR%\Temp\scs23.tmp
- %WINDIR%\Temp\scs25.tmp
- %WINDIR%\Temp\scs27.tmp
- %WINDIR%\Temp\scs26.tmp
- %WINDIR%\Temp\scs7.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scsA.tmp
- %WINDIR%\Temp\scs9.tmp
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\system\49.exe
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scsB.tmp
- %WINDIR%\Temp\scs13.tmp
- %WINDIR%\Temp\scs12.tmp
- %WINDIR%\Temp\scs14.tmp
- %WINDIR%\Temp\scs16.tmp
- %WINDIR%\Temp\scs15.tmp
- %WINDIR%\Temp\scs11.tmp
- %WINDIR%\Temp\scsD.tmp
- %WINDIR%\Temp\scsC.tmp
- %WINDIR%\Temp\scsE.tmp
- %WINDIR%\Temp\scs10.tmp
- %WINDIR%\Temp\scsF.tmp
- %WINDIR%\system\49.exe
- %WINDIR%\Temp\scsF.tmp
- %WINDIR%\Temp\scs18.tmp
- %WINDIR%\Temp\scs11.tmp
- %WINDIR%\Temp\scs17.tmp
- %WINDIR%\Temp\scsC.tmp
- %WINDIR%\Temp\scs14.tmp
- %WINDIR%\Temp\scsD.tmp
- %WINDIR%\Temp\scs1E.tmp
- %WINDIR%\Temp\scs16.tmp
- %WINDIR%\Temp\scs20.tmp
- %WINDIR%\Temp\scs15.tmp
- %WINDIR%\Temp\scs1A.tmp
- %WINDIR%\Temp\scs13.tmp
- %WINDIR%\Temp\scs1C.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs9.tmp
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs10.tmp
- %WINDIR%\Temp\scsA.tmp
- %WINDIR%\Temp\scs12.tmp
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scsB.tmp
- %WINDIR%\Temp\scs7.tmp
- %WINDIR%\Temp\scsE.tmp
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a60.a64.4a0013'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a78.a80.4b0014'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a8c.a94.4c0015'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a20.a28.470010'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a34.a3c.480011'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a48.a4c.490012'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-aac.abc.4d0016'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b20.b28.51001a'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b3c.b44.52001b'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b58.b60.53001c'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-acc.ad0.4e0017'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ae0.ae4.4f0018'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-afc.b04.500019'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-a0c.a10.46000f'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-970.974.3c0005'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-97c.984.3d0006'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-98c.994.3e0007'
- ClassName: '' WindowName: 'Gerenciador de tarefas do windows' (Portuguese window title of Windows Task Manager; the lookup is by title only, with no class name, which suggests the sample targets Portuguese-locale systems — unconfirmed from this listing alone)
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-950.954.3a0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-95c.964.3b0002'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-998.99c.3f0008'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9dc.9e0.43000c'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9ec.9f4.44000d'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9fc.a00.45000e'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9a8.9ac.400009'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9b8.9bc.41000a'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9c8.9d0.42000b'