Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\360safe.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\ЅрЙЅНш¶Ь.lnk
- %TEMP%\Vshion9312.exe
- %TEMP%\klivesetup_1.15.0.595_18.9.exe
- %TEMP%\uaua9312.exe
- %ALLUSERSPROFILE%\Start Menu\<Virus name>.exe
- %TEMP%\Chaosuq.exe
- %TEMP%\klivesetup_1.15.0.595_18.9.exe (downloaded from the Internet)
- %TEMP%\uaua9312.exe (downloaded from the Internet)
- %TEMP%\Chaosuq.exe (downloaded from the Internet)
- %TEMP%\Vshion9312.exe (downloaded from the Internet)
- <SYSTEM32>\attrib.exe "%HOMEPATH%\Desktop\├└┼о╩╙╞╡.url" +R +S
- <SYSTEM32>\attrib.exe "%HOMEPATH%\Desktop\╘┌╧▀╡ч╙░.url" +R +S
- <SYSTEM32>\attrib.exe "%HOMEPATH%\Desktop\┴ў╨╨╥Ї└╓.url" +R +S
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\╠╘▒ж╣║╬я.url" /p everyone:f
- <SYSTEM32>\attrib.exe "%ALLUSERSPROFILE%\Application Data\Kingsoft\kws\kws.ini" +R +S
- <SYSTEM32>\attrib.exe "%HOMEPATH%\Desktop\░╦╪╘╔л═╝.url" +R +S
- <SYSTEM32>\attrib.exe "%HOMEPATH%\Desktop\╠╘▒ж╣║╬я.url" +R +S
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\╘┌╧▀╡ч╙░.url" /p everyone:R
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\┴ў╨╨╥Ї└╓.url" /p everyone:R
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\╠╘▒ж╣║╬я.url" /p everyone:R
- <SYSTEM32>\cacls.exe "%ALLUSERSPROFILE%\Application Data\Kingsoft\kws\kws.ini" /p everyone:R
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\░╦╪╘╔л═╝.url" /p everyone:R
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\├└┼о╩╙╞╡.url" /p everyone:R
- <SYSTEM32>\cmd.exe /c %TEMP%\8TORd.bat
- <SYSTEM32>\expand.exe "%TEMP%\kingsoft.cab" -F:*.* "%PROGRAM_FILES%\kingsofta"
- <SYSTEM32>\expand.exe "%TEMP%\url.cab" -F:*.* "%HOMEPATH%\Desktop
- %WINDIR%\explorer.exe http://www.77##h.com/?uk#
- <SYSTEM32>\cmd.exe /c %TEMP%\CfpgU.bat
- <SYSTEM32>\expand.exe "%TEMP%\ico.cab" -F:*.* "<SYSTEM32>"
- <SYSTEM32>\cmd.exe /c %TEMP%\lnk.bat
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\├└┼о╩╙╞╡.url" /p everyone:f
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\╘┌╧▀╡ч╙░.url" /p everyone:f
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\┴ў╨╨╥Ї└╓.url" /p everyone:f
- <SYSTEM32>\ping.exe -n 3 127.0.0.1
- <SYSTEM32>\cacls.exe "%ALLUSERSPROFILE%\Application Data\Kingsoft\kws\kws.ini" /p everyone:f
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Desktop\░╦╪╘╔л═╝.url" /p everyone:f
- %PROGRAM_FILES%\Windows NT\qKbR9.dll
- %PROGRAM_FILES%\kingsofta\kingsoft.cab
- %PROGRAM_FILES%\Windows NT\Pinball\qKbR9.dll
- %ALLUSERSPROFILE%\Start Menu\ЅрЙЅНш¶Ь.lnk
- <Auxiliary element>
- %TEMP%\8TORd.bat
- %ALLUSERSPROFILE%\Desktopkws\kws.ini
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\qKbR9.dll
- %PROGRAM_FILES%\Outlook Express\qKbR9.dll
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\qKbR9.dll
- %TEMP%\Chaosuq.exe
- %HOMEPATH%\Desktop\ФЪПЯµзУ°.url
- %TEMP%\Vshion9312.exe
- %TEMP%\klivesetup_1.15.0.595_18.9.exe
- %TEMP%\uaua9312.exe
- %HOMEPATH%\Desktop\°ЛШФЙ«Нј.url
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\779dh[1]
- %HOMEPATH%\Desktop\БчРРТфАЦ.url
- %HOMEPATH%\Desktop\МФ±¦№єОп.url
- %HOMEPATH%\Desktop\ГАЕ®КУЖµ.url
- %TEMP%\kingsoft.cab
- %TEMP%\lnk.bat
- %PROGRAM_FILES%\FireFox\qKbR9.dll
- %TEMP%\ico.cab
- <SYSTEM32>\safe.ico
- %TEMP%\url.cab
- %TEMP%\zs.bat
- %ALLUSERSPROFILE%\Start Menu\<Virus name>.exe
- C:\Far2\qKbR9.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\qKbR9.dll
- %CommonProgramFiles%\Microsoft Shared\DW\qKbR9.dll
- <SYSTEM32>\Film.ico
- <SYSTEM32>\Beauty.ico
- <SYSTEM32>\Music.ico
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\qKbR9.dll
- %PROGRAM_FILES%\Movie Maker\qKbR9.dll
- %PROGRAM_FILES%\FireFox\uninstall\qKbR9.dll
- %TEMP%\CfpgU.bat
- %PROGRAM_FILES%\Messenger\qKbR9.dll
- <SYSTEM32>\Video.ico
- <SYSTEM32>\taobao.ico
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\qKbR9.dll
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\qKbR9.dll
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\qKbR9.dll
- %PROGRAM_FILES%\Outlook Express\qKbR9.dll
- <Auxiliary element>
- %PROGRAM_FILES%\Windows NT\Pinball\qKbR9.dll
- %PROGRAM_FILES%\Windows NT\qKbR9.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\qKbR9.dll
- %CommonProgramFiles%\Microsoft Shared\DW\qKbR9.dll
- C:\Far2\qKbR9.dll
- %PROGRAM_FILES%\FireFox\qKbR9.dll
- %PROGRAM_FILES%\Movie Maker\qKbR9.dll
- %PROGRAM_FILES%\Messenger\qKbR9.dll
- %PROGRAM_FILES%\FireFox\uninstall\qKbR9.dll
- %TEMP%\kingsoft.cab
- %TEMP%\ico.cab
- '22#.#17.240.30':80
- 'www.77##h.com':80
- 't.##ad.com':80
- 'u.##315.com':80
- 'localhost':1041
- 'www.33##.org':80
- 'v.##o63.com':80
- 'tt.#kad.com':80
- 'ht.##down.com':80
- 22#.#17.240.30/soft/Vshion9312.exe
- tt.#kad.com/Chaosuq.exe
- t.##ad.com/klivesetup_1.15.0.595_18.9.exe
- u.##315.com/getcode/uaua9312.exe
- www.77##h.com/?uk#
- www.33##.org/dyndns/getip
- v.##o63.com/rundll.dll
- tt.#kad.com/kingsoft.cab
- ht.##down.com/cj4/up_1.asp?a=###########################
- DNS ASK www.77##h.com
- DNS ASK u.##315.com
- DNS ASK t.##ad.com
- DNS ASK tt.#kad.com
- DNS ASK v.##o63.com
- DNS ASK www.33##.org
- DNS ASK ht.##down.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''