Technical Information
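- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ccApm' = '%WINDIR%\msn.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Norton' = '%WINDIR%\msn.exe'
  (Both Run values start the same file, %WINDIR%\msn.exe, at logon. The value names look like antivirus entries ('Norton'; 'ccApm' resembles Symantec's 'ccApp'), so when reviewing autoruns, check the data path rather than the value name.)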
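- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\vdzones\cmss.exe' = '%WINDIR%\vdzones\cmss.exe:*:Enabled:cmss.exe'
  (Windows Firewall allow-list entry for the standard profile: cmss.exe is authorized for any remote address ('*') and the rule is marked Enabled.)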
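- hidden files (the section label for this entry is missing from this extract; presumably it means Explorer is prevented from showing hidden files — compare the 'NoFolderOptions' policy value below)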
- %WINDIR%\msn.exe
- %WINDIR%\vdzones\lsass.exe
- %TEMP%\Compress0\desktop.exe
- %WINDIR%\vdzones\cmss.exe
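- <SYSTEM32>\cacls.exe %PROGRAM_FILES%\Accessories\Common /G Everyone:f
- <SYSTEM32>\cacls.exe %WINDIR%\vdzones /G Everyone:f
  (cacls with /G and no /E replaces the existing ACL, leaving Everyone with full control of each directory. Creation of cacls.exe with an 'Everyone:f' argument against these paths is a usable process-creation detection point.)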
- bdss.exe
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
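- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
  (This policy value removes the Folder Options item from Explorer for the current user, so display of hidden files cannot be turned on from the GUI.)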
- %TEMP%\Compress0\type.dll
- %TEMP%\Compress0\unin.dll
- %TEMP%\Compress0\services.exe
- %TEMP%\Compress0\ssap.dll
- %TEMP%\Compress0\user.dll
- %TEMP%\Compress0\ushost.dll
- %TEMP%\Compress0\unir.exe
- %TEMP%\Compress0\update.dll
- %TEMP%\Compress0\scen.dll
- %TEMP%\Compress0\scint.dll
- %TEMP%\Compress0\sccle.dll
- %TEMP%\Compress0\scday.dll
- %TEMP%\Compress0\seek.dll
- %TEMP%\Compress0\seekil.dll
- %TEMP%\Compress0\scint2.dll
- %TEMP%\Compress0\scloc.dll
- %TEMP%\Compress0\weben.dll
- %PROGRAM_FILES%\Accessories\Common\desktop.ini
- %WINDIR%\slog.dll
- %WINDIR%\ziplog.txt
- <SYSTEM32>\MSWINSCK.OCX
- %PROGRAM_FILES%\Accessories\Common\WebsitesDetail.txt
- %PROGRAM_FILES%\Accessories\Common\clog.txt
- %PROGRAM_FILES%\Accessories\Common\OnlineTime.txt
- %PROGRAM_FILES%\Accessories\Common\WebsitesSummary.txt
- %WINDIR%\vdzones\lsass.exe
- %TEMP%\Compress0\winsyst32.exe
- %TEMP%\Compress0\ziplog.txt
- %WINDIR%\ruto32.exe
- %WINDIR%\refsdm.dll
- %WINDIR%\vdzones\cmss.exe
- %WINDIR%\msn.exe
- %TEMP%\Compress0\scan.dll
- %TEMP%\Compress0\ftsv.dll
- %TEMP%\Compress0\ftus.dll
- %TEMP%\Compress0\ftpa.dll
- %TEMP%\Compress0\ftps.dll
- %TEMP%\Compress0\inter.dll
- %TEMP%\Compress0\inuser.dll
- %TEMP%\Compress0\hrreg.dll
- %TEMP%\Compress0\inmsg.dll
- %TEMP%\Compress0\delkl.dll
- %TEMP%\Compress0\desktop.exe
- %TEMP%\Compress0\ass.dll
- %TEMP%\Compress0\banner1.jpg
- %TEMP%\Compress0\ftde.dll
- %TEMP%\Compress0\ften.dll
- %TEMP%\Compress0\dete.dll
- %TEMP%\Compress0\dunin.dll
- %TEMP%\Compress0\mail.dll
- %TEMP%\Compress0\rmdesk.dll
- %TEMP%\Compress0\rvhost.dll
- %TEMP%\Compress0\refsdm.dll
- %TEMP%\Compress0\resu.dll
- %TEMP%\Compress0\rwci.dll
- %TEMP%\Compress0\rwcs.dll
- %TEMP%\Compress0\rvport.dll
- %TEMP%\Compress0\rwce.dll
- %TEMP%\Compress0\msn.exe
- %TEMP%\Compress0\MSWINSCK.OCX
- %TEMP%\Compress0\mailkl.dll
- %TEMP%\Compress0\mailsc.dll
- %TEMP%\Compress0\port.dll
- %TEMP%\Compress0\pwhost.dll
- %TEMP%\Compress0\oem.dll
- %TEMP%\Compress0\picture.dll
- %TEMP%\~DFA404.tmp
- %TEMP%\~DFBCB9.tmp
- %TEMP%\~DFFEBC.tmp
- %TEMP%\~DF649.tmp
- %TEMP%\~DF2AC2.tmp
- %TEMP%\~DF412B.tmp
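- '67.##5.111.54':14001
- '67.##5.111.54':37
  (Remote endpoint. Part of the address is masked with '##' in this report, so it cannot be matched as an exact IP; the transport protocol is not stated. Port 37 is the port assigned to the Time protocol.)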
- ClassName: 'AfxWnd42' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Shell_TrayWnd' WindowName: ''