Technical Information
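- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, killer.exe' (the Windows default for this value is 'explorer.exe' alone, so the appended 'killer.exe' is started at user logon)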
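- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Runonce' = '%WINDIR%\myloveever.exe' ('Runonce' here is the value name under the Run key, not the RunOnce key, so the entry persists across logons)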
- %HOMEPATH%\Start Menu\Programs\Startup\RCX7.tmp
- %HOMEPATH%\Start Menu\Programs\Startup\ _backup.exe
- %HOMEPATH%\Start Menu\Programs\Startup\ .exe
- <Drive name for removable media>:\myloveever_backup.exe
- <Drive name for removable media>:\Bloc-notes.exe
- <Drive name for removable media>:\RCXD.tmp
- <Drive name for removable media>:\RCXA.tmp
- <Drive name for removable media>:\myloveever.exe
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\New Folder.exe
- <Drive name for removable media>:\New Folder (2).exe
- hidden files
- '%TEMP%\svchost.exe'
- '%TEMP%\myloveever.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES9.tmp" "%TEMP%\vbc8.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\e6dxiv8o.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC.tmp" "%TEMP%\vbcB.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\98yc4mae.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4.tmp" "%TEMP%\vbc3.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\--uwam4w.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6.tmp" "%TEMP%\vbc5.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\qxr31jgf.cmdline"
- %TEMP%\windowsupdate.ico
- %TEMP%\RES6.tmp
- %TEMP%\vACzPd.resources
- %TEMP%\e6dxiv8o.0.vb
- %TEMP%\KtVjmMbs.resources
- %TEMP%\vbc5.tmp
- %TEMP%\whatdafock.txt
- %TEMP%\IWRvuQlN.resources
- %TEMP%\qxr31jgf.0.vb
- %TEMP%\qxr31jgf.out
- %TEMP%\qxr31jgf.cmdline
- %TEMP%\98yc4mae.cmdline
- %TEMP%\98yc4mae.0.vb
- %TEMP%\98yc4mae.out
- %TEMP%\RESC.tmp
- %TEMP%\vbcB.tmp
- %TEMP%\darOT.resources
- %TEMP%\e6dxiv8o.out
- %TEMP%\e6dxiv8o.cmdline
- %TEMP%\vbc8.tmp
- %TEMP%\ByIgSXwwh.resources
- %TEMP%\RES9.tmp
- %TEMP%\FrBJl.resources
- %WINDIR%\autorun.inf
- %TEMP%\34Y1u6.resources
- %TEMP%\MSNPSharp.dll
- %TEMP%\--uwam4w.cmdline
- %TEMP%\--uwam4w.0.vb
- %TEMP%\aut2.tmp
- %TEMP%\myloveever.exe
- %TEMP%\fvzxCg.resources
- %TEMP%\svchost.exe
- %TEMP%\sxdzcqt
- %TEMP%\aut1.tmp
- C:\New Folder (2).exe
- C:\myloveever.exe
- C:\New Folder.exe
- %TEMP%\--uwam4w.exe
- %TEMP%\RES4.tmp
- C:\autorun.inf
- %WINDIR%\myloveever.exe
- %TEMP%\--uwam4w.out
- %WINDIR%\killer.exe
- %TEMP%\vbc3.tmp
- %WINDIR%\YahooMessenger.exe
- C:\myloveever.exe
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\myloveever.exe
- C:\autorun.inf
- %WINDIR%\killer.exe
- %WINDIR%\myloveever.exe
- %WINDIR%\autorun.inf
- %TEMP%\RES9.tmp
- <Drive name for removable media>:\New Folder.exe
- %TEMP%\vbc8.tmp
- %TEMP%\e6dxiv8o.cmdline
- %TEMP%\e6dxiv8o.0.vb
- C:\New Folder.exe
- C:\New Folder (2).exe
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\New Folder (2).exe
- <Drive name for removable media>:\myloveever.exe
- %TEMP%\e6dxiv8o.out
- %TEMP%\98yc4mae.0.vb
- %TEMP%\98yc4mae.cmdline
- %TEMP%\98yc4mae.out
- %TEMP%\darOT.resources
- %TEMP%\ByIgSXwwh.resources
- %TEMP%\KtVjmMbs.resources
- %TEMP%\vACzPd.resources
- <Drive name for removable media>:\myloveever_backup.exe
- %TEMP%\vbcB.tmp
- %TEMP%\RESC.tmp
- %TEMP%\--uwam4w.out
- %TEMP%\--uwam4w.0.vb
- %TEMP%\--uwam4w.exe
- %TEMP%\RES6.tmp
- %TEMP%\--uwam4w.cmdline
- %TEMP%\sxdzcqt
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\vbc3.tmp
- %TEMP%\RES4.tmp
- %TEMP%\vbc5.tmp
- %TEMP%\windowsupdate.ico
- %HOMEPATH%\Start Menu\Programs\Startup\ _backup.exe
- %HOMEPATH%\Start Menu\Programs\Startup\ .exe
- C:\myloveever.exe
- C:\autorun.inf
- %TEMP%\qxr31jgf.0.vb
- %TEMP%\qxr31jgf.cmdline
- %TEMP%\qxr31jgf.out
- %TEMP%\IWRvuQlN.resources
- %TEMP%\FrBJl.resources
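- '17#.#3.169.14':80 (the '#' characters appear to mask digits of the address, so it cannot be matched as a literal indicator)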
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''