Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,C:\DOCUME~1\ALLUSE~1\DOCUME~1\wis,C:\DOCUME~1\ALLUSE~1\DOCUME~1\wisikeg.exe,'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,C:\DOCUME~1\ALLUSE~1\DOCUME~1\wis,'
- %WINDIR%\Tasks\nVidiaBootAgent.job
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\ctfmon.exe
- drweb.exe
- %TEMP%\F.tmp
- %TEMP%\E.tmp
- %TEMP%\11.tmp
- %TEMP%\10.tmp
- %TEMP%\B.tmp
- %TEMP%\A.tmp
- %TEMP%\D.tmp
- %TEMP%\C.tmp
- %TEMP%\17.tmp
- %TEMP%\16.tmp
- %TEMP%\19.tmp
- %TEMP%\18.tmp
- %TEMP%\13.tmp
- %TEMP%\12.tmp
- %TEMP%\15.tmp
- %TEMP%\14.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ajax[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\dbg[1].php
- %TEMP%\2.tmp
- %TEMP%\5.tmp
- %TEMP%\3.tmp
- %TEMP%\1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\dbg[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\dbg[1].php
- %ALLUSERSPROFILE%\Documents\wisikeg.exe
- %TEMP%\8.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\ajax[1].php
- %TEMP%\9.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\dbg[2].php
- %TEMP%\6.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\dbg[1].php
- %TEMP%\7.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ajax[1].php
- %TEMP%\10.tmp
- %TEMP%\11.tmp
- %TEMP%\12.tmp
- %TEMP%\D.tmp
- %TEMP%\E.tmp
- %TEMP%\F.tmp
- %TEMP%\13.tmp
- %TEMP%\17.tmp
- %TEMP%\18.tmp
- %TEMP%\19.tmp
- %TEMP%\14.tmp
- %TEMP%\15.tmp
- %TEMP%\16.tmp
- %TEMP%\C.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\dbg[1].php
- %TEMP%\5.tmp
- %TEMP%\6.tmp
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %TEMP%\7.tmp
- %TEMP%\A.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\dbg[2].php
- %TEMP%\B.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\dbg[1].php
- %TEMP%\8.tmp
- %TEMP%\9.tmp
- from <Full path to virus> to %TEMP%\4.tmp
- 'localhost':1080
- 'localhost':1082
- 'localhost':1084
- 'localhost':1078
- 'localhost':1072
- 'localhost':1074
- 'localhost':1076
- 'localhost':1093
- 'localhost':1094
- 'localhost':1095
- 'localhost':1092
- 'localhost':1086
- 'localhost':1088
- 'localhost':1090
- 'localhost':1070
- 'localhost':1050
- 'localhost':1051
- 'we###av.info':80
- 'download.windowsupdate.com':80
- 'localhost':1035
- '82.##1.104.112':80
- 'localhost':1037
- 'localhost':1064
- 'localhost':1066
- 'localhost':1068
- 'localhost':1062
- 'ly###ex.info':80
- 'localhost':1058
- 'do###es.info':80
- ly###ex.info/ajax.php
- do###es.info/ajax.php
- we###av.info/ajax.php
- 82.##1.104.112/dbg.php?e=#####################
- 82.##1.104.112/dbg.php?e=############################
- DNS ASK si###ez.info
- DNS ASK do###yh.info
- DNS ASK vi###ek.info
- DNS ASK fo###ah.info
- DNS ASK pu###av.info
- DNS ASK ke###or.info
- DNS ASK ly###en.info
- DNS ASK je###er.info
- DNS ASK xu###yx.info
- DNS ASK no###ef.info
- DNS ASK tu###ev.info
- DNS ASK ma###yt.info
- DNS ASK we###yq.info
- DNS ASK ga###ys.info
- DNS ASK ly###yn.info
- DNS ASK zu###on.info
- DNS ASK na###of.info
- DNS ASK je###id.info
- DNS ASK go###oh.info
- DNS ASK di###oz.info
- DNS ASK ry###iq.info
- DNS ASK bo###ik.info
- DNS ASK ci###oc.info
- DNS ASK ha###as.info
- DNS ASK vo###ak.info
- DNS ASK xu###ax.info
- DNS ASK ry###aq.info
- DNS ASK qe###op.info
- DNS ASK pu###iv.info
- DNS ASK qe###ep.info
- DNS ASK ci###uk.info
- DNS ASK ga###aw.info
- DNS ASK ma###em.info
- DNS ASK no###at.info
- DNS ASK si###oh.info
- DNS ASK xu###oj.info
- DNS ASK ha###ow.info
- DNS ASK qe###oq.info
- DNS ASK tu###al.info
- DNS ASK ly###ex.info
- DNS ASK we###av.info
- DNS ASK download.windowsupdate.com
- DNS ASK do###es.info
- DNS ASK xu###ej.info
- DNS ASK je###an.info
- DNS ASK vi###af.info
- DNS ASK qe###uq.info
- DNS ASK ry###uv.info
- DNS ASK zu###ix.info
- DNS ASK di###ih.info
- DNS ASK je###ur.info
- DNS ASK pu###ul.info
- DNS ASK bo###uf.info
- DNS ASK go###us.info
- DNS ASK ry###ov.info
- DNS ASK ke###in.info
- DNS ASK pu###il.info
- DNS ASK vo###if.info
- DNS ASK na###it.info
- DNS ASK ly###ox.info
- DNS ASK fo###os.info
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '????????????'