Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavCopy.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyICE.EXE] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\makereport.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\????.exe] 'debugger' = 'ntsd -d'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '<SYSTEM32>\logon.scr'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orz.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xfilter.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shadowtip.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderml.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safeboxtray.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spml_set.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FWMon.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gho_run.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebscd.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe] 'debugger' = 'ntsd -d'
- [<HKLM>\SYSTEM\ControlSet001\Services\NeTabstwork] 'ImagePath' = '<Full path to virus>'
- [<HKLM>\SYSTEM\ControlSet001\Services\NeTabstwork] 'Start' = '00000002'
- hidden files
- '<SYSTEM32>\net.exe' start NeTabstwork
- '<SYSTEM32>\net1.exe' stop Server /y
- '<SYSTEM32>\net1.exe' start NeTabstwork
- '<SYSTEM32>\cmd.exe' /c <Current directory>\fwone.bat
- '<SYSTEM32>\cmd.exe' /c <Current directory>\listsafe.bat
- '<SYSTEM32>\net.exe' stop Server /y
- '<SYSTEM32>\cmd.exe' /c <Current directory>\PC4.bat
- '%WINDIR%\regedit.exe' /S safehelp.reg
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /G administrators:F Administrator:F SYSTEM:F Users:F Everyone:F INTERACTIVE:F
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /G administrators:F Administrator:F SYSTEM:F Users:F Everyone:F INTERACTIVE:F
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /G administrators:F Administrator:F SYSTEM:F Users:F Everyone:F INTERACTIVE:F
- 360tray.exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\install[1].html
- <Current directory>\fwone.bat
- %ProgramFiles%\Internet Explorer\SIGNUP\Use-CRNJEUFU.exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\tainlist[1].html
- <Current directory>\listsafe.bat
- <Current directory>\safehelp.reg
- <Current directory>\web.dll
- <SYSTEM32>\safehelp.reg
- <Current directory>\PC4.bat
- <Full path to virus>
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\tainlist[1].html
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\install[1].html
- <Current directory>\safehelp.reg
- 'ta####st.3322.org':80
- 'localhost':1042
- '12#.#25.114.144':80
- 'localhost':1039
- http://ta####st.3322.org/tainlist.html
- http://ta####st.3322.org/install.html
- http://ta####st.3322.org/one.html
- DNS ASK ta####st.3322.org
- DNS ASK www.ba##u.com
- ClassName: 'Internet Explorer_TridentDlgFrame' WindowName: 'Internet Explorer ЅЕ±ѕґнОу'
- ClassName: 'Internet Explorer_TridentDlgFrame' WindowName: 'Internet Explorer ????????'
- ClassName: 'TFrmMain' WindowName: 'Internet Explorer ЅЕ±ѕґнОу'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'UIContainerClass' WindowName: 'Input Capture Window'
- ClassName: 'TFrmMain' WindowName: 'Internet Explorer'
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'TFrmMain' WindowName: 'Internet Explorer ????????'
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''