Technical Information (observed indicators, in order: a registry autostart entry, registry keys of third-party FTP clients and file managers, files on disk, network endpoints with ports, and a window class looked up)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NetworkChecker' = '<Full path to virus>' (machine-wide Run-key autostart entry pointing at the sample; the value name 'NetworkChecker' is the persistence indicator to look for)
- Registry keys of FTP clients and file managers whose saved connection profiles/hosts live under them (BulletProof FTP, FTP Explorer, FlashFXP, WebDrive, FFFTP, Far FTP plugin, Core FTP, Windows/Total Commander), plus the Windows Messenger service key — the listing does not state whether they are read or written:
- [<HKLM>\Software\BPFTP]
- [<HKCU>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\Sota\FFFTP\Options]
- [<HKLM>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\SOFTWARE\Far2\Plugins\FTP\Hosts]
- [<HKCU>\SOFTWARE\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\SOFTWARE\Far\Plugins\FTP\Hosts]
- [<HKCU>\SOFTWARE\Microsoft\MessengerService]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\SOFTWARE\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- <DRIVERS>\npf.sys (WinPcap NetGroup packet filter kernel driver)
- <SYSTEM32>\wpcap.dll (WinPcap user-mode capture library)
- <SYSTEM32>\Packet.dll (WinPcap packet driver interface library; together these three files are the WinPcap packet-capture stack, so their presence on a host that never installed WinPcap is itself an indicator)
- <Full path to virus>
- '19#.#42.126.19':80
- '93.##.254.37':80
- '11#.#3.23.13':80
- '21#.#11.239.252':80
- '17#.#6.34.253':80
- '46.##1.92.53':80
- '17#.#8.11.54':80
- '21#.#00.41.52':80
- '19#.#06.223.38':80
- '27.#.39.52':80
- '77.#5.8.251':80
- '5.##.2.97':80
- '72.##9.149.97':80
- '17#.#.203.95':80
- '62.##2.83.90':80
- '17#.#9.64.91':80
- 'localhost':1101
- '94.##3.100.250':80
- '19#.#7.48.102':80
- '31.##2.176.100':80
- '95.##4.5.102':80
- '20#.#03.39.57':80
- '77.##2.71.59':80
- '18#.#29.154.56':80
- '37.##5.46.52':80
- '10#.#6.192.55':80
- '58.##4.144.70':80
- 'localhost':1173
- '10#.#51.197.68':80
- '18#.#35.197.64':80
- '14#.#15.210.64':80
- '17#.#51.34.50':80
- '17#.#15.161.32':80
- '15#.#24.8.48':80
- '94.##4.159.32':80
- '46.#11.6.55':80
- 'localhost':1134
- '17#.#68.40.31':80
- '18#.#90.42.32':80
- '10#.#54.130.25':80
- '46.##8.251.48':80
- '77.#7.41.50':80
- '46.##.139.89':80
- '94.##3.66.233':80
- '46.##8.84.235':80
- '17#.#15.244.232':80
- '37.##.194.232':80
- '11#.#52.240.232':80
- '17#.#06.213.242':80
- 'localhost':1055
- '94.##3.14.241':80
- '17#.#50.90.238':80
- '77.##2.179.238':80
- '46.##5.45.231':80
- '1.###.162.221':80
- '11#.#05.165.222':80
- '62.##0.39.221':80
- '18#.#90.24.215':80
- '92.##.171.218':80
- '90.##4.14.230':80
- '19#.#27.38.231':80
- '17#.#.154.229':80
- '5.###.94.228':80
- '77.##2.65.229':80
- '94.##.251.82':80
- '12#.#21.34.83':80
- '46.#2.24.82':80
- '61.##.176.76':80
- '92.##.195.81':80
- '17#.#51.75.88':80
- '77.##2.150.88':80
- '78.##1.219.86':80
- '93.##.253.84':80
- '37.##.163.85':80
- '21#.#97.252.74':80
- '12#.#20.130.202':80
- '31.##8.184.205':80
- '37.##5.92.202':80
- '17#.#50.48.199':80
- '17#.#.125.199':80
- '95.##.220.213':80
- 'localhost':1078
- '91.##9.158.213':80
- '22#.#20.71.210':80
- '15#.#24.85.211':80
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (window class of the Windows taskbar/notification area, looked up by class name only)