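Technical Information
The section headings of this report appear to have been lost. Judging by the entries themselves, the lists below give, in order: processes started by the sample (some after being downloaded from the Internet), file-system paths touched by the sample, hosts and ports contacted, HTTP request URLs, DNS queries, and window class/title pairs. The '#' characters in host names and URLs are masked characters, not literal ones. The Firefox profile folder name (cwdgt0y8.default), the Content.IE5 subfolder names and the SID on the irsetup.exe command line belong to the analysis machine and will differ on other systems; when using these entries as indicators, match on the path components around those values.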
- '%TEMP%\_ir_sf_temp_0\ClickA7pic.exe'
- '%TEMP%\GotClip_Setup.exe'
- '%TEMP%\_ir_sf_temp_0\ClickAgotc.exe'
- '%TEMP%\7picloader.exe'
- '%TEMP%\_ir_sf_temp_0\ClickA7Zip.exe'
- '%TEMP%\eMuleSetup.exe'
- '%TEMP%\_ir_sf_temp_0\ClickAemule.exe'
- '%TEMP%\_ir_sf_temp_0\irsetup.exe' __IRAOFF:1742194 "__IRAFN:<Full path to virus>" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"
- '%TEMP%\_ir_sf_temp_0\ClickA.exe'
- '%TEMP%\_ir_sf_temp_0\dislike_facebook_ff_chrome.exe'
- '%TEMP%\GinoPlayer_Setup.exe'
- '%TEMP%\InstallMonetizer.exe'
- '%TEMP%\_ir_sf_temp_0\ClickAginp.exe'
- '%TEMP%\GinoPlayer_Setup.exe' (downloaded from the Internet)
- '%TEMP%\eMuleSetup.exe' (downloaded from the Internet)
- '%TEMP%\GotClip_Setup.exe' (downloaded from the Internet)
- '%TEMP%\InstallMonetizer.exe' (downloaded from the Internet)
- '%TEMP%\7picloader.exe' (downloaded from the Internet)
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\tabs\observer.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\tabs\tab.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\tabs\events.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\dom\events.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\events\assembler.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\utils\function.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\utils\registry.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\utils\data.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\tabs\utils.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\traits\core.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\content\worker.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\window-utils.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\xhr.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\url.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\traits.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\unload.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\content\loader.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\content\symbiont.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\content\content-proxy.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\xpcom.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\xul-app.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\utils\thumbnail.js
- %TEMP%\GinoPlayer_Setup.exe
- %TEMP%\GotClip_Setup.exe
- %TEMP%\InstallMonetizer.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-data\jquery-1.6.2.min.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-lib\main.js
- %TEMP%\7zipSetup.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\SH6b[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\SH69[1]
- %TEMP%\7picloader.exe
- %TEMP%\eMuleSetup.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-data\fbdtranslations.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\windows\tabs.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-data\dislike-small.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\windows\observer.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\windows\dom.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\windows\loader.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-data\fbdislike.css
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-data\fbdislike.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-data\dislike48.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-data\dislike.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-fdislike-data\dislike128.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\bootstrap.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\harness-options.json
- <LS_APPDATA>\Google\Chrome\User Data\Default\dislike_button.crx
- %TEMP%\_ir_sf_temp_0\ClickA7Zip.exe
- %TEMP%\_ir_sf_temp_0\ClickAemule.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-addon-kit-lib\request.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-addon-kit-lib\windows.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-addon-kit-lib\page-mod.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\install.rdf
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\components\harness.js
- %TEMP%\_ir_sf_temp_0\dislike_facebook_ff_chrome.exe
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\lua5.1.dll
- %TEMP%\_ir_sf_temp_0\ClickA7pic.exe
- %TEMP%\_ir_sf_temp_0\ClickABabylon.exe
- %TEMP%\_ir_sf_temp_0\ClickAginp.exe
- %TEMP%\_ir_sf_temp_0\ClickA.exe
- %TEMP%\_ir_sf_temp_0\ClickAgotc.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\api-utils.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\plain-text-console.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\securable-module.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\observer-service.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\match-pattern.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\memory.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\timer.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\traceback.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\text-streams.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\self-maker.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\shims.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\list.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\cortex.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\cuddlefish.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\content.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\byte-streams.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\collection.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\hidden-frame.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\light-traits.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\file.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\errors.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\support@sweetplugins.com\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\events.js
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- 'tr######.conversionads.com':80
- 'or########.fivemillionfriends.com':80
- 'in#####.#reedownloadsoft.net':80
- 'localhost':1046
- 'localhost':1042
- 'www.gi###rack.com':80
- 'www.nt###one.com':80
- '7p##.com':80
- 'www.ma###lips.com':80
- tr######.conversionads.com/SH69
- or########.fivemillionfriends.com/IC/GPLAppBundler69/32133/0/91a7be2c-7a92-4e1d-af4f-a99f3ece4ba5/eMuleSetup.exe
- tr######.conversionads.com/SH6b
- in#####.#reedownloadsoft.net/installer/zcdownload/4296b7a28247f69ef611ef1b24b5949423f1ffafa015a67334ad342fb617ffbeff5977b8ff:afb8e325dbad1b280e371ef63e6ec6d3/?lp##############################################################################
- 7p##.com/download/?a=####
- www.gi###rack.com/download/16270
- www.nt###one.com/download.php?k4######
- 7p##.com/l/1/?a=####
- www.ma###lips.com/download/16270
- DNS ASK or########.fivemillionfriends.com
- DNS ASK tr######.conversionads.com
- DNS ASK in#####.#reedownloadsoft.net
- DNS ASK 7p##.com
- DNS ASK www.nt###one.com
- DNS ASK www.gi###rack.com
- DNS ASK www.ma###lips.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'IEFrame' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Preparing to install RealPlayer'
- ClassName: '(null)' WindowName: 'RealPlayer Installation'
- ClassName: '' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'InstallManager Setup'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'GinoPlayer Setup'
- ClassName: '(null)' WindowName: 'Loading...'
- ClassName: '(null)' WindowName: 'GotClip Downloader Setup'