Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] '1ntrenat' = '%TEMP%\myself5.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\sovhst.exe'
- [<HKLM>\SOFTWARE\Microsoft\Command Processor] 'autorun' = '<SYSTEM32>\sovhst.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\zdgat] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\eygmgwol] 'Start' = '00000000'
- <SYSTEM32>\conmie.exe
- %TEMP%\4005.exe
- %TEMP%\setup_102725.exe
- %TEMP%\lsass.exe
- <SYSTEM32>\sovhst.exe
- <SYSTEM32>\svohost.exe
- %WINDIR%\eygmgwol.exe
- %TEMP%\TBSetup(-33554357).exe
- %TEMP%\S_pas6666_1A1.exe
- %TEMP%\dl1host.exe
- %TEMP%\myself5.exe
- %TEMP%\qq03.exe
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\3o0703.bat
- <SYSTEM32>\rundll32.exe <SYSTEM32>\sNgNi3.dll,DllUnregisterServer
- <SYSTEM32>\cmd.exe /c %TEMP%\tmp.bat
- <SYSTEM32>\ping.exe -n 3 127.0.0.1
- <SYSTEM32>\cmd.exe /c %TEMP%\dsetup.bat
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\zzToolBar\Toolbar_bho.dll"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\sNgNi3.dll,DllRegisterServer
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\zzToolBar\ToolBand.dll"
- iexplore.exe
- NtQueryDirectoryFile, handler: dtwfwqun.sys
- NtQuerySystemInformation, handler: dtwfwqun.sys
- NtEnumerateKey, handler: dtwfwqun.sys
- NtEnumerateValueKey, handler: dtwfwqun.sys
- %WINDIR%\eygmgwol.exe
- <SYSTEM32>\HLQQ2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\baidu[1]
- <SYSTEM32>\sovhst.exe
- <SYSTEM32>\discard.ini
- <SYSTEM32>\conmie.exe
- <SYSTEM32>\sNgNi3.dll
- %HOMEPATH%\Favorites\网址导航.url  (GBK file name shown mis-decoded in the original report as "НшЦ·µјєЅ.url")
- <SYSTEM32>\3o0703.bat
- <DRIVERS>\zdgat.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\rankstat[1].htm
- %TEMP%\tmp.bat
- %WINDIR%\sysqq.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\install[1].asp
- <SYSTEM32>\sufost.ini
- %TEMP%\tmp.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\downloader[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\new[1].rar
- %TEMP%\lsass.exe
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk  (GBK file name shown mis-decoded in the original report as "Жф¶Ї Internet Explorer дЇААЖч.lnk")
- %TEMP%\setup_102725.exe
- %TEMP%\dl1host.exe
- <DRIVERS>\dtwfwqun.sys
- %TEMP%\4005.exe
- %TEMP%\myself5.exe
- %TEMP%\S_pas6666_1A1.exe
- %TEMP%\nsc2.tmp
- %TEMP%\qq03.exe
- %TEMP%\TBSetup(-33554357).exe
- %PROGRAM_FILES%\zzToolBar\SearchEngineConfig
- %PROGRAM_FILES%\zzToolBar\IP.dat
- %PROGRAM_FILES%\zzToolBar\Uninstall.exe
- %TEMP%\dsetup.bat
- %PROGRAM_FILES%\zzToolBar\Toolbar_bho.dll
- %TEMP%\nsg4.tmp\Processes.dll
- %WINDIR%\eygmgwol.exe
- %PROGRAM_FILES%\zzToolBar\ToolBand.dll
- C:\tmpqq10000.tmp
- %TEMP%\tmp.tmp
- <SYSTEM32>\svohost.exe
- %TEMP%\4005.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\install[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\rankstat[1].htm
- %TEMP%\S_pas6666_1A1.exe
- C:\tmpqq10000.tmp
- %TEMP%\nsg4.tmp\Processes.dll
- %TEMP%\qq03.exe
- %TEMP%\setup_102725.exe
- from <SYSTEM32>\HLQQ2.exe to <SYSTEM32>\svohost.exe
- 'localhost':1053
- 'qq###3.com.cn':80
- 'do##.gotog88.cn':80
- 'www.ou##ang.cn':80
- 'www.qq##p.cn':80
- 'up####.heishatu.cn':80
- 'localhost':1056
- 'pw#.#1ave.net':80
- 'localhost':1036
- 'localhost':1035
- 'www.ba##u.com':80
- 'ms#.#lone.cn':80
- 'aa##.11ave.net':80
- 'xy#.#as6666.cn':80
- qq###3.com.cn/new.rar
- qq###3.com.cn/hailiang.asp?ac################################################################################################
- www.ou##ang.cn/api.php?bX##################################################################################################
- www.qq##p.cn/bawang/install.asp?ve#########################################################################################################
- up####.heishatu.cn/adsys/rankstat.htm?In##############################################################################################
- www.ba##u.com/
- pw#.#1ave.net/cike.php?fi#################################################
- xy#.#as6666.cn/count.php?fi#################################################
- ms#.#lone.cn/html/downloader.gif
- aa##.11ave.net/cike.php?fi#################################################
- DNS ASK do##.gotog88.cn
- DNS ASK www.ou##ang.cn
- DNS ASK qq###3.com.cn
- DNS ASK www.qq##p.cn
- DNS ASK up####.heishatu.cn
- DNS ASK www.ba##u.com
- DNS ASK pw#.#1ave.net
- DNS ASK xy#.#as6666.cn
- DNS ASK ms#.#lone.cn
- DNS ASK aa##.11ave.net
- ClassName: 'NotifyWnd' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: '' WindowName: '????????????'
- ClassName: 'ATL:020943B0' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'SysPager' WindowName: ''
- ClassName: 'ToolbarWindow32' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''
- ClassName: 'Afx:400000:0' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: '' WindowName: 'Shell_TrayWnd'
- ClassName: '' WindowName: 'QQnew'
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: '' WindowName: '????????'
- ClassName: '{F03B79CC-5B19-4D71-9EDD-FFDD44B441BF}' WindowName: '{F03B79CC-5B19-4D71-9EDD-FFDD44B441BF}'
- ClassName: '' WindowName: 'biaoji'