Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\run] 'SymantecUpdate' = ''
Modifies the file system:
Creates the following files:
- %WINDIR%\up.bak
Deletes the following files:
- %WINDIR%\up.bak
Moves itself:
- from <Full path to virus> to %TEMP%\vptray.exe
Network activity:
Connects to:
- 'ta####.dtdns.net':443
UDP:
- DNS ASK ta####.dtdns.net
Miscellaneous:
Searches for the following windows:
- ClassName: 'Indicator' WindowName: ''