Technical Information
- Persistence: the following values under the HKLM Run key launch the listed executables at each user logon:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wmcsp' = '<SYSTEM32>\wmcsp.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svcvsp' = '<SYSTEM32>\svcvsp.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winvsp' = '<SYSTEM32>\winvsp.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vspmem' = '<SYSTEM32>\vspmem.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\winvsp] 'Start' = '00000002' (service start type 2 = automatic start at boot)
- hidden files
- '%WINDIR%\dvm.exe' wm 2864
- '<SYSTEM32>\vspmem.exe' rg
- '<SYSTEM32>\vspmem.exe'
- %WINDIR%\RCX48.tmp
- %WINDIR%\RCX47.tmp
- %WINDIR%\RCX49.tmp
- %WINDIR%\RCX4B.tmp
- %WINDIR%\RCX4A.tmp
- <SYSTEM32>\RCX43.tmp
- <SYSTEM32>\RCX42.tmp
- <SYSTEM32>\RCX44.tmp
- %WINDIR%\RCX46.tmp
- %WINDIR%\RCX45.tmp
- %WINDIR%\RCX4C.tmp
- %PROGRAM_FILES%\RCX53.tmp
- %WINDIR%\RCX52.tmp
- %PROGRAM_FILES%\RCX54.tmp
- %PROGRAM_FILES%\RCX56.tmp
- %PROGRAM_FILES%\RCX55.tmp
- %WINDIR%\RCX4E.tmp
- %WINDIR%\RCX4D.tmp
- %WINDIR%\RCX4F.tmp
- %WINDIR%\RCX51.tmp
- %WINDIR%\RCX50.tmp
- C:\vspconsole.exe
- C:\RCX35.tmp
- C:\RCX36.tmp
- C:\RCX37.tmp
- C:\dvm.exe
- C:\RCX33.tmp
- C:\vspmem.exe
- C:\wmcsp.exe
- C:\svcvsp.exe
- C:\RCX34.tmp
- C:\vspmng.exe
- <SYSTEM32>\RCX3E.tmp
- <SYSTEM32>\RCX3D.tmp
- <SYSTEM32>\RCX3F.tmp
- <SYSTEM32>\RCX41.tmp
- <SYSTEM32>\RCX40.tmp
- <SYSTEM32>\RCX39.tmp
- C:\RCX38.tmp
- <SYSTEM32>\RCX3A.tmp
- <SYSTEM32>\RCX3C.tmp
- <SYSTEM32>\RCX3B.tmp
- %PROGRAM_FILES%\RCX57.tmp
- C:\Far2\RCX73.tmp
- C:\Far2\RCX72.tmp
- C:\Far2\RCX74.tmp
- C:\Far2\RCX76.tmp
- C:\Far2\RCX75.tmp
- C:\RCX6E.tmp
- C:\RCX6D.tmp
- <Current directory>\RCX6F.tmp
- C:\Far2\RCX71.tmp
- <Current directory>\RCX70.tmp
- C:\Far2\RCX77.tmp
- C:\Far2\RCX7E.tmp
- C:\Far2\RCX7D.tmp
- C:\Far2\RCX7F.tmp
- <Auxiliary element>
- C:\Far2\RCX80.tmp
- C:\Far2\RCX79.tmp
- C:\Far2\RCX78.tmp
- C:\Far2\RCX7A.tmp
- C:\Far2\RCX7C.tmp
- C:\Far2\RCX7B.tmp
- %ALLUSERSPROFILE%\Application Data\RCX5E.tmp
- %ALLUSERSPROFILE%\Application Data\RCX5D.tmp
- %ALLUSERSPROFILE%\Application Data\RCX5F.tmp
- %HOMEPATH%\My Documents\RCX61.tmp
- %ALLUSERSPROFILE%\Application Data\RCX60.tmp
- %PROGRAM_FILES%\RCX59.tmp
- %PROGRAM_FILES%\RCX58.tmp
- %ALLUSERSPROFILE%\Application Data\RCX5A.tmp
- %ALLUSERSPROFILE%\Application Data\RCX5C.tmp
- %ALLUSERSPROFILE%\Application Data\RCX5B.tmp
- %HOMEPATH%\My Documents\RCX62.tmp
- C:\RCX69.tmp
- C:\RCX68.tmp
- C:\RCX6A.tmp
- C:\RCX6C.tmp
- C:\RCX6B.tmp
- %HOMEPATH%\My Documents\RCX64.tmp
- %HOMEPATH%\My Documents\RCX63.tmp
- %HOMEPATH%\My Documents\RCX65.tmp
- %HOMEPATH%\My Documents\RCX67.tmp
- %HOMEPATH%\My Documents\RCX66.tmp
- C:\RCX32.tmp
- %WINDIR%\wmcsp.exe
- %WINDIR%\RCX12.tmp
- %WINDIR%\RCX13.tmp
- %WINDIR%\svcvsp.exe
- %WINDIR%\RCX14.tmp
- %WINDIR%\RCXF.tmp
- %WINDIR%\winvsp.exe
- %WINDIR%\RCX10.tmp
- %WINDIR%\RCX11.tmp
- %WINDIR%\vspmem.exe
- %WINDIR%\RCX15.tmp
- %WINDIR%\RCX1A.tmp
- %WINDIR%\RCX19.tmp
- %WINDIR%\vspmng.exe
- %WINDIR%\RCX1C.tmp
- %WINDIR%\RCX1B.tmp
- %WINDIR%\vspconsole.exe
- %WINDIR%\RCX16.tmp
- %WINDIR%\RCX17.tmp
- %WINDIR%\dvm.exe
- %WINDIR%\RCX18.tmp
- <SYSTEM32>\wmcsp.exe
- <SYSTEM32>\RCX4.tmp
- <SYSTEM32>\RCX5.tmp
- <SYSTEM32>\svcvsp.exe
- <SYSTEM32>\RCX6.tmp
- <SYSTEM32>\RCX1.tmp
- <SYSTEM32>\winvsp.exe
- <SYSTEM32>\RCX2.tmp
- <SYSTEM32>\RCX3.tmp
- <SYSTEM32>\vspmem.exe
- <SYSTEM32>\RCX7.tmp
- <SYSTEM32>\RCXC.tmp
- <SYSTEM32>\RCXB.tmp
- <SYSTEM32>\vspmng.exe
- <SYSTEM32>\RCXE.tmp
- <SYSTEM32>\RCXD.tmp
- <SYSTEM32>\vspconsole.exe
- <SYSTEM32>\RCX8.tmp
- <SYSTEM32>\RCX9.tmp
- <SYSTEM32>\dvm.exe
- <SYSTEM32>\RCXA.tmp
- %PROGRAM_FILES%\winvsp.exe
- %HOMEPATH%\My Documents\winvsp.exe
- %ALLUSERSPROFILE%\Application Data\RCX2A.tmp
- %HOMEPATH%\My Documents\RCX2B.tmp
- %HOMEPATH%\My Documents\RCX2C.tmp
- %HOMEPATH%\My Documents\vspmem.exe
- %ALLUSERSPROFILE%\Application Data\RCX28.tmp
- %ALLUSERSPROFILE%\Application Data\vspconsole.exe
- %ALLUSERSPROFILE%\Application Data\dvm.exe
- %ALLUSERSPROFILE%\Application Data\vspmng.exe
- %ALLUSERSPROFILE%\Application Data\RCX29.tmp
- %HOMEPATH%\My Documents\wmcsp.exe
- %HOMEPATH%\My Documents\RCX30.tmp
- %HOMEPATH%\My Documents\dvm.exe
- %HOMEPATH%\My Documents\vspmng.exe
- C:\winvsp.exe
- %HOMEPATH%\My Documents\RCX31.tmp
- %HOMEPATH%\My Documents\svcvsp.exe
- %HOMEPATH%\My Documents\RCX2D.tmp
- %HOMEPATH%\My Documents\RCX2E.tmp
- %HOMEPATH%\My Documents\RCX2F.tmp
- %HOMEPATH%\My Documents\vspconsole.exe
- %PROGRAM_FILES%\RCX20.tmp
- %PROGRAM_FILES%\svcvsp.exe
- %PROGRAM_FILES%\vspconsole.exe
- %PROGRAM_FILES%\dvm.exe
- %PROGRAM_FILES%\RCX21.tmp
- %PROGRAM_FILES%\vspmem.exe
- %PROGRAM_FILES%\RCX1D.tmp
- %PROGRAM_FILES%\RCX1E.tmp
- %PROGRAM_FILES%\RCX1F.tmp
- %PROGRAM_FILES%\wmcsp.exe
- %PROGRAM_FILES%\RCX22.tmp
- %ALLUSERSPROFILE%\Application Data\wmcsp.exe
- %ALLUSERSPROFILE%\Application Data\RCX25.tmp
- %ALLUSERSPROFILE%\Application Data\RCX26.tmp
- %ALLUSERSPROFILE%\Application Data\RCX27.tmp
- %ALLUSERSPROFILE%\Application Data\svcvsp.exe
- %PROGRAM_FILES%\RCX23.tmp
- %PROGRAM_FILES%\vspmng.exe
- %ALLUSERSPROFILE%\Application Data\winvsp.exe
- %ALLUSERSPROFILE%\Application Data\vspmem.exe
- %ALLUSERSPROFILE%\Application Data\RCX24.tmp
- %ALLUSERSPROFILE%\Application Data\vspmng.exe
- %ALLUSERSPROFILE%\Application Data\dvm.exe
- %HOMEPATH%\My Documents\winvsp.exe
- %HOMEPATH%\My Documents\wmcsp.exe
- %HOMEPATH%\My Documents\vspmem.exe
- %ALLUSERSPROFILE%\Application Data\vspmem.exe
- %ALLUSERSPROFILE%\Application Data\winvsp.exe
- %ALLUSERSPROFILE%\Application Data\wmcsp.exe
- %ALLUSERSPROFILE%\Application Data\vspconsole.exe
- %ALLUSERSPROFILE%\Application Data\svcvsp.exe
- %HOMEPATH%\My Documents\svcvsp.exe
- C:\svcvsp.exe
- C:\wmcsp.exe
- C:\vspconsole.exe
- C:\vspmng.exe
- C:\dvm.exe
- %HOMEPATH%\My Documents\dvm.exe
- %HOMEPATH%\My Documents\vspconsole.exe
- %HOMEPATH%\My Documents\vspmng.exe
- C:\vspmem.exe
- C:\winvsp.exe
- <SYSTEM32>\vspmng.exe
- <SYSTEM32>\dvm.exe
- %WINDIR%\winvsp.exe
- %WINDIR%\wmcsp.exe
- %WINDIR%\vspmem.exe
- <SYSTEM32>\vspmem.exe
- <SYSTEM32>\winvsp.exe
- <SYSTEM32>\wmcsp.exe
- <SYSTEM32>\vspconsole.exe
- <SYSTEM32>\svcvsp.exe
- %WINDIR%\svcvsp.exe
- %PROGRAM_FILES%\svcvsp.exe
- %PROGRAM_FILES%\wmcsp.exe
- %PROGRAM_FILES%\vspconsole.exe
- %PROGRAM_FILES%\vspmng.exe
- %PROGRAM_FILES%\dvm.exe
- %WINDIR%\dvm.exe
- %WINDIR%\vspconsole.exe
- %WINDIR%\vspmng.exe
- %PROGRAM_FILES%\vspmem.exe
- %PROGRAM_FILES%\winvsp.exe
- %HOMEPATH%\My Documents\wmcsp.exe
- %HOMEPATH%\My Documents\vspmem.exe
- %HOMEPATH%\My Documents\svcvsp.exe
- %HOMEPATH%\My Documents\dvm.exe
- %HOMEPATH%\My Documents\vspconsole.exe
- %HOMEPATH%\My Documents\winvsp.exe
- %ALLUSERSPROFILE%\Application Data\svcvsp.exe
- %ALLUSERSPROFILE%\Application Data\wmcsp.exe
- %ALLUSERSPROFILE%\Application Data\vspconsole.exe
- %ALLUSERSPROFILE%\Application Data\vspmng.exe
- %ALLUSERSPROFILE%\Application Data\dvm.exe
- C:\vspmng.exe
- C:\dvm.exe
- <Full path to virus>
- <Auxiliary element>
- C:\Far2\Far.exe
- C:\vspconsole.exe
- C:\winvsp.exe
- %HOMEPATH%\My Documents\vspmng.exe
- C:\vspmem.exe
- C:\svcvsp.exe
- C:\wmcsp.exe
- %ALLUSERSPROFILE%\Application Data\vspmem.exe
- %WINDIR%\winvsp.exe
- <SYSTEM32>\vspmng.exe
- %WINDIR%\vspmem.exe
- %WINDIR%\svcvsp.exe
- %WINDIR%\wmcsp.exe
- <SYSTEM32>\dvm.exe
- <SYSTEM32>\vspmem.exe
- <SYSTEM32>\winvsp.exe
- <SYSTEM32>\wmcsp.exe
- <SYSTEM32>\vspconsole.exe
- <SYSTEM32>\svcvsp.exe
- %PROGRAM_FILES%\vspconsole.exe
- %PROGRAM_FILES%\svcvsp.exe
- %PROGRAM_FILES%\dvm.exe
- %ALLUSERSPROFILE%\Application Data\winvsp.exe
- %PROGRAM_FILES%\vspmng.exe
- %PROGRAM_FILES%\wmcsp.exe
- %WINDIR%\dvm.exe
- %WINDIR%\vspconsole.exe
- %WINDIR%\vspmng.exe
- %PROGRAM_FILES%\vspmem.exe
- %PROGRAM_FILES%\winvsp.exe
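- Files moved (each entry gives source, then destination). The RCX*.tmp names resemble the temporary files Windows creates while a PE file's resources are being rewritten, so these moves likely finalize modified copies; note that C:\Far2\Far.exe, an existing program, appears among the destinations:
- from %PROGRAM_FILES%\RCX57.tmp to %PROGRAM_FILES%\vspconsole.exe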
- from %PROGRAM_FILES%\RCX56.tmp to %PROGRAM_FILES%\svcvsp.exe
- from %PROGRAM_FILES%\RCX59.tmp to %PROGRAM_FILES%\vspmng.exe
- from %PROGRAM_FILES%\RCX58.tmp to %PROGRAM_FILES%\dvm.exe
- from %PROGRAM_FILES%\RCX53.tmp to %PROGRAM_FILES%\winvsp.exe
- from %WINDIR%\RCX52.tmp to %WINDIR%\vspmng.exe
- from %PROGRAM_FILES%\RCX55.tmp to %PROGRAM_FILES%\wmcsp.exe
- from %PROGRAM_FILES%\RCX54.tmp to %PROGRAM_FILES%\vspmem.exe
- from %ALLUSERSPROFILE%\Application Data\RCX5F.tmp to %ALLUSERSPROFILE%\Application Data\dvm.exe
- from %ALLUSERSPROFILE%\Application Data\RCX5E.tmp to %ALLUSERSPROFILE%\Application Data\vspconsole.exe
- from %HOMEPATH%\My Documents\RCX61.tmp to %HOMEPATH%\My Documents\winvsp.exe
- from %ALLUSERSPROFILE%\Application Data\RCX60.tmp to %ALLUSERSPROFILE%\Application Data\vspmng.exe
- from %ALLUSERSPROFILE%\Application Data\RCX5B.tmp to %ALLUSERSPROFILE%\Application Data\vspmem.exe
- from %ALLUSERSPROFILE%\Application Data\RCX5A.tmp to %ALLUSERSPROFILE%\Application Data\winvsp.exe
- from %ALLUSERSPROFILE%\Application Data\RCX5D.tmp to %ALLUSERSPROFILE%\Application Data\svcvsp.exe
- from %ALLUSERSPROFILE%\Application Data\RCX5C.tmp to %ALLUSERSPROFILE%\Application Data\wmcsp.exe
- from %WINDIR%\RCX47.tmp to %WINDIR%\vspmem.exe
- from %WINDIR%\RCX46.tmp to %WINDIR%\winvsp.exe
- from %WINDIR%\RCX49.tmp to %WINDIR%\wmcsp.exe
- from %WINDIR%\RCX48.tmp to %WINDIR%\vspmem.exe
- from <SYSTEM32>\RCX43.tmp to <SYSTEM32>\vspmng.exe
- from <SYSTEM32>\RCX42.tmp to <SYSTEM32>\dvm.exe
- from %WINDIR%\RCX45.tmp to %WINDIR%\winvsp.exe
- from <SYSTEM32>\RCX44.tmp to <SYSTEM32>\vspmng.exe
- from %WINDIR%\RCX4F.tmp to %WINDIR%\dvm.exe
- from %WINDIR%\RCX4E.tmp to %WINDIR%\vspconsole.exe
- from %WINDIR%\RCX51.tmp to %WINDIR%\vspmng.exe
- from %WINDIR%\RCX50.tmp to %WINDIR%\dvm.exe
- from %WINDIR%\RCX4B.tmp to %WINDIR%\svcvsp.exe
- from %WINDIR%\RCX4A.tmp to %WINDIR%\wmcsp.exe
- from %WINDIR%\RCX4D.tmp to %WINDIR%\vspconsole.exe
- from %WINDIR%\RCX4C.tmp to %WINDIR%\svcvsp.exe
- from C:\Far2\RCX77.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX76.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX79.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX78.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX73.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX72.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX75.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX74.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX7F.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX7E.tmp to C:\Far2\Far.exe
- from <Auxiliary element> to <Auxiliary element>
- from C:\Far2\RCX80.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX7B.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX7A.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX7D.tmp to C:\Far2\Far.exe
- from C:\Far2\RCX7C.tmp to C:\Far2\Far.exe
- from %HOMEPATH%\My Documents\RCX67.tmp to %HOMEPATH%\My Documents\vspmng.exe
- from %HOMEPATH%\My Documents\RCX66.tmp to %HOMEPATH%\My Documents\dvm.exe
- from C:\RCX69.tmp to C:\vspmem.exe
- from C:\RCX68.tmp to C:\winvsp.exe
- from %HOMEPATH%\My Documents\RCX63.tmp to %HOMEPATH%\My Documents\wmcsp.exe
- from %HOMEPATH%\My Documents\RCX62.tmp to %HOMEPATH%\My Documents\vspmem.exe
- from %HOMEPATH%\My Documents\RCX65.tmp to %HOMEPATH%\My Documents\vspconsole.exe
- from %HOMEPATH%\My Documents\RCX64.tmp to %HOMEPATH%\My Documents\svcvsp.exe
- from <Current directory>\RCX6F.tmp to <Full path to virus>
- from C:\RCX6E.tmp to C:\vspmng.exe
- from C:\Far2\RCX71.tmp to C:\Far2\Far.exe
- from <Current directory>\RCX70.tmp to <Full path to virus>
- from C:\RCX6B.tmp to C:\svcvsp.exe
- from C:\RCX6A.tmp to C:\wmcsp.exe
- from C:\RCX6D.tmp to C:\dvm.exe
- from C:\RCX6C.tmp to C:\vspconsole.exe
- from <SYSTEM32>\RCX41.tmp to <SYSTEM32>\dvm.exe
- from %WINDIR%\RCX16.tmp to %WINDIR%\svcvsp.exe
- from %WINDIR%\RCX15.tmp to %WINDIR%\svcvsp.exe
- from %WINDIR%\RCX18.tmp to %WINDIR%\vspconsole.exe
- from %WINDIR%\RCX17.tmp to %WINDIR%\vspconsole.exe
- from %WINDIR%\RCX12.tmp to %WINDIR%\vspmem.exe
- from %WINDIR%\RCX11.tmp to %WINDIR%\vspmem.exe
- from %WINDIR%\RCX14.tmp to %WINDIR%\wmcsp.exe
- from %WINDIR%\RCX13.tmp to %WINDIR%\wmcsp.exe
- from %PROGRAM_FILES%\RCX1E.tmp to %PROGRAM_FILES%\vspmem.exe
- from %PROGRAM_FILES%\RCX1D.tmp to %PROGRAM_FILES%\winvsp.exe
- from %PROGRAM_FILES%\RCX20.tmp to %PROGRAM_FILES%\svcvsp.exe
- from %PROGRAM_FILES%\RCX1F.tmp to %PROGRAM_FILES%\wmcsp.exe
- from %WINDIR%\RCX1A.tmp to %WINDIR%\dvm.exe
- from %WINDIR%\RCX19.tmp to %WINDIR%\dvm.exe
- from %WINDIR%\RCX1C.tmp to %WINDIR%\vspmng.exe
- from %WINDIR%\RCX1B.tmp to %WINDIR%\vspmng.exe
- from <SYSTEM32>\RCX6.tmp to <SYSTEM32>\wmcsp.exe
- from <SYSTEM32>\RCX5.tmp to <SYSTEM32>\wmcsp.exe
- from <SYSTEM32>\RCX8.tmp to <SYSTEM32>\svcvsp.exe
- from <SYSTEM32>\RCX7.tmp to <SYSTEM32>\svcvsp.exe
- from <SYSTEM32>\RCX2.tmp to <SYSTEM32>\winvsp.exe
- from <SYSTEM32>\RCX1.tmp to <SYSTEM32>\winvsp.exe
- from <SYSTEM32>\RCX4.tmp to <SYSTEM32>\vspmem.exe
- from <SYSTEM32>\RCX3.tmp to <SYSTEM32>\vspmem.exe
- from <SYSTEM32>\RCXE.tmp to <SYSTEM32>\vspmng.exe
- from <SYSTEM32>\RCXD.tmp to <SYSTEM32>\vspmng.exe
- from %WINDIR%\RCX10.tmp to %WINDIR%\winvsp.exe
- from %WINDIR%\RCXF.tmp to %WINDIR%\winvsp.exe
- from <SYSTEM32>\RCXA.tmp to <SYSTEM32>\vspconsole.exe
- from <SYSTEM32>\RCX9.tmp to <SYSTEM32>\vspconsole.exe
- from <SYSTEM32>\RCXC.tmp to <SYSTEM32>\dvm.exe
- from <SYSTEM32>\RCXB.tmp to <SYSTEM32>\dvm.exe
- from C:\RCX36.tmp to C:\vspconsole.exe
- from C:\RCX35.tmp to C:\svcvsp.exe
- from C:\RCX38.tmp to C:\vspmng.exe
- from C:\RCX37.tmp to C:\dvm.exe
- from C:\RCX32.tmp to C:\winvsp.exe
- from %HOMEPATH%\My Documents\RCX31.tmp to %HOMEPATH%\My Documents\vspmng.exe
- from C:\RCX34.tmp to C:\wmcsp.exe
- from C:\RCX33.tmp to C:\vspmem.exe
- from <SYSTEM32>\RCX3E.tmp to <SYSTEM32>\svcvsp.exe
- from <SYSTEM32>\RCX3D.tmp to <SYSTEM32>\svcvsp.exe
- from <SYSTEM32>\RCX40.tmp to <SYSTEM32>\vspconsole.exe
- from <SYSTEM32>\RCX3F.tmp to <SYSTEM32>\vspconsole.exe
- from <SYSTEM32>\RCX3A.tmp to <SYSTEM32>\winvsp.exe
- from <SYSTEM32>\RCX39.tmp to <SYSTEM32>\winvsp.exe
- from <SYSTEM32>\RCX3C.tmp to <SYSTEM32>\wmcsp.exe
- from <SYSTEM32>\RCX3B.tmp to <SYSTEM32>\wmcsp.exe
- from %ALLUSERSPROFILE%\Application Data\RCX26.tmp to %ALLUSERSPROFILE%\Application Data\wmcsp.exe
- from %ALLUSERSPROFILE%\Application Data\RCX25.tmp to %ALLUSERSPROFILE%\Application Data\vspmem.exe
- from %ALLUSERSPROFILE%\Application Data\RCX28.tmp to %ALLUSERSPROFILE%\Application Data\vspconsole.exe
- from %ALLUSERSPROFILE%\Application Data\RCX27.tmp to %ALLUSERSPROFILE%\Application Data\svcvsp.exe
- from %PROGRAM_FILES%\RCX22.tmp to %PROGRAM_FILES%\dvm.exe
- from %PROGRAM_FILES%\RCX21.tmp to %PROGRAM_FILES%\vspconsole.exe
- from %ALLUSERSPROFILE%\Application Data\RCX24.tmp to %ALLUSERSPROFILE%\Application Data\winvsp.exe
- from %PROGRAM_FILES%\RCX23.tmp to %PROGRAM_FILES%\vspmng.exe
- from %HOMEPATH%\My Documents\RCX2E.tmp to %HOMEPATH%\My Documents\svcvsp.exe
- from %HOMEPATH%\My Documents\RCX2D.tmp to %HOMEPATH%\My Documents\wmcsp.exe
- from %HOMEPATH%\My Documents\RCX30.tmp to %HOMEPATH%\My Documents\dvm.exe
- from %HOMEPATH%\My Documents\RCX2F.tmp to %HOMEPATH%\My Documents\vspconsole.exe
- from %ALLUSERSPROFILE%\Application Data\RCX2A.tmp to %ALLUSERSPROFILE%\Application Data\vspmng.exe
- from %ALLUSERSPROFILE%\Application Data\RCX29.tmp to %ALLUSERSPROFILE%\Application Data\dvm.exe
- from %HOMEPATH%\My Documents\RCX2C.tmp to %HOMEPATH%\My Documents\vspmem.exe
- from %HOMEPATH%\My Documents\RCX2B.tmp to %HOMEPATH%\My Documents\winvsp.exe
- from <Full path to virus> to <Current directory>\<Virus name>
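- Network connections to hosts on the local network (a workstation contacting many peers on these ports is worth alerting on):
- '<Private IP address>':139 (NetBIOS Session Service)
- '<Private IP address>':445 (SMB over TCP)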