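Technical Information

Process launches and file-system artefacts recorded for the sample; the section sub-headings that normally separate them appear to have been lost in extraction. Nearly all entries are findstr.exe runs that search <DRIVERS>\etc\hosts, case-insensitively, for the domains of antivirus vendors, malware-analysis sandboxes and security support forums. That pattern, together with the timestamped hosts copy near the end of the list, is consistent with a sample that checks which of these domains are already present in the hosts file before altering it, although the list itself does not show the write. For detection, the observable signals are a burst of findstr.exe child processes all targeting the hosts file and the appearance of a hosts-<timestamp> file beside it.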
- '<SYSTEM32>\findstr.exe' /pid=3980
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"download.lavasoft.de" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /pid=4044
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"download.mcafee.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /pid=3848
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"download.bleepingcomputer.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /pid=3916
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"download.f-secure.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"dreamwiz.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /I /C:"dozleng.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"drweb.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"dreamwiz.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /pid=1356
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"download.nai.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /pid=2404
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"download.sysinternals.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /I /C:"csrrt.org" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"computing.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"cwsandbox.org" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"customer.symantec.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"commonsensesecurity.info" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"clamwin.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"complex.is" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"comodo.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"diamondcs.com.au" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"dials.ru" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"down.360safe.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"discussions.virtualdr.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"d-a-l.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"cyberanswers.org" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"dazhizhu.cn" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"daniweb.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"forum.securitycadets.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"forum.piriform.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"forum.telecharger.01net.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"forum.sysinternals.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"fortinet.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"fortiguardcenter.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"forum.malekal.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"forum.hijackthis.de" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"free.avg.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"f-prot.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /I /C:"free-av.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"free.grisoft.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"forums.majorgeeks.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"forums.maddoktor2.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"forums.whatthetech.com" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"forums.techguy.org" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /I /C:"eset.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"eradicatespyware.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"experts-exchange.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"ewido.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /c findstr /I /C:"elitepvpers.de" <DRIVERS>\etc\hosts > nul
- '<SYSTEM32>\findstr.exe' /I /C:"eAladdin.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"emsisoft.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /pid=2772
- '<SYSTEM32>\findstr.exe' /pid=3368
- '<SYSTEM32>\findstr.exe' /I /C:"final4ever.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"forospyware.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"firewallguide.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"file.ikaka.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"feedback.agnitum.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"files.filefont.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /pid=3276
- '<SYSTEM32>\findstr.exe' /I /C:"antivirus.comodo.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"antivirus.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"assiste.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"arcabit.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"antivir.es" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"antispywareoffensief.nl" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"anti-virus.by" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"antivirus.about.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"avg-antivirus.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"avg.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"avira.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"avira.com " <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"auditmypc.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"atribune.org" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"avast.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"authentium.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"5starsupport.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"360safe.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"adwareaway.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"about.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"2ca.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"localhost" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"360.cn" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"2-spyware.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"andymanchesta.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"analysis.seclab.tuwien.ac.at" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"antislyware.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"antirootkit.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"aldria.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"ahnlab.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"amazingtechs.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"alground.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"castlecrops.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"castlecorps.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"centralcommand.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"cddchiangmai.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"ca.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bluetack.co.uk" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"castlecops.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"carmainc.org" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"clamav.net " <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"cit.kookmin.ac.kr" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /pid=3220
- '<SYSTEM32>\findstr.exe' /I /C:"clamav.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"cfasi.fr" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"cfan.com.cn" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"chkrootkit.org" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"changelog.fr" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bbs.360safe.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"baike.360.cn" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bbs.ikaka.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bbs.cfan.com.cn" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"avlab-ua.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"avlab.comodo.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"baidu.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"avp.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bleepingcomputer.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bleedingthreats.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"blog.threatfire.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"blog.hispasec.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bfccomputers.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"besttechie.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bitdefender.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\findstr.exe' /I /C:"bit9.com" <DRIVERS>\etc\hosts
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\findstr.exe
- <DRIVERS>\etc\hosts-20130627181651
- %TEMP%\Ot
- %TEMP%\aut1.tmp
- %TEMP%\Ot
- %TEMP%\aut1.tmp