Technical Information
Malicious functions:
Terminates or attempts to terminate the following user processes:
- mpftray.exe
- GUARD.EXE
- fsav32.exe
- NAVAPW32.EXE
- ntvdm.exe
- ZONEALARM.EXE
- zapro.exe
- AVP.EXE
- AVGCTRL.EXE
- AVGCC32.EXE
- AVP32.EXE
- AVSYNMGR.EXE
- AVPM.EXE
- AVPCC.EXE
Modifies file system:
Deletes the following files:
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'