Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysInspector.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysRescue.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zyzoom_HijackThis.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FrzState2k.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DF5Serv.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Armor2net.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boda fire-wall.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smsniff.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regshot.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KeyScrambler.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiLogger.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessHacker.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TIGeR-Firewall.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DUC30.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVASTSS.scr] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCmd.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswupdsv.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>' = '%WINDIR%\%USERNAME%.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashserv.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaisv.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcfgex.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgfrw.exe] 'Debugger' = 'ntsd -d'
- <Drive name for removable media>:\System32.exe
- <Drive name for removable media>:\System32\<Virus name>.exe
- <Drive name for removable media>:\Autorun.inf
- %WINDIR%\WarNet.exe -modify %WINDIR%\%USERNAME%.exe , %WINDIR%\%USERNAME%.exe , %WINDIR%\WarNet.ico , ICONGROUP, 1, 0
- %WINDIR%\WarNet.exe -extract <SYSTEM32>\shell32.dll , %WINDIR%\WarNet.ico , ICONGROUP, 4,1036
- ekrn.exe
- AVP.EXE
- ashAvast.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1036.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1037.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1033.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1035.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1041.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1042.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1038.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1040.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1025.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1028.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Client.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Graphics.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1031.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1032.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1029.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1030.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1043.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Extended.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Graphics.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\3076.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\3082.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\Fonts.exe
- %WINDIR%\msagent\chars.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SQL\en.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\en-US.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1046.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1049.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1044.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1045.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\2052.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\2070.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1053.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1055.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031.exe
- <Current directory>\Autorun.inf
- C:\System32\<Virus name>.exe
- %WINDIR%\%USERNAME%.exe
- %WINDIR%\WarNet.ini
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client.exe
- %WINDIR%\WarNet.exe
- %WINDIR%\WarNet.log
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042.exe
- %WINDIR%\WarNet.ini
- %WINDIR%\WarNet.exe
- <Full path to virus>
- %WINDIR%\WarNet.log
- C:\System32\<Virus name>.exe
- <Current directory>\Autorun.inf
- <Drive name for removable media>:\System32\<Virus name>.exe
- <Drive name for removable media>:\Autorun.inf
- ClassName: 'MS_WINHELP' WindowName: ''