%Documents and Settings%\%current user%\Local Settings\Temp\~4BB0A38B.TMP (98 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~2D915D30.TMP (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~09E7FCEE.TMP (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~7AB73D6F.TMP (52 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~355ADAFA.ELOG (438554 bytes)
%Program Files%\Common Files\mdhc\dsau.exe (1702 bytes)
The process EXE_temp3.exe:816 makes changes in the file system.
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ya.htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_desktop.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\_ (0 bytes)
%Documents and Settings%\%current (0 bytes)
The process svchots.exe:3760 makes changes in the file system.
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\global1.3.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\yuan.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\global1.3.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\yuan.css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\global1.3.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaf38b09fdfe9c4d8687973dec764.gif (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b54815b87c96d562a1e3eb3a6f418.gif (1661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\yuan.css (1 bytes)
The process objs.exe:3332 makes changes in the file system.
%Program Files%\Common Files\Lkcjzquw.exe (3511647 bytes)
The process dsau.exe:3672 makes changes in the file system.
%Documents and Settings%\%current user%\Local Settings\Temp\bt5867.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bt5867.bat (55 bytes)
The process EXE_temp4.EXE:1516 makes changes in the file system.
%WinDir%\JMt\sys32\shock_new.dat1 (0 bytes)
%WinDir%\JMt\sys32\shock_new.dat1 (3 bytes)
%WinDir%\JMt\sys32\shock_new.dat0 (54 bytes)
The process shock.exe:3516 makes changes in the file system.
%Documents and Settings%\%current user%\Local Settings\Temp\bt3742.bat (0 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bt3742.bat (48 bytes)
The Trojan creates and/or writes to the following file(s):
The process EXE_temp1.EXE:308 makes changes in the file system.
The Trojan injects its code into the following process(es):
The Trojan creates the following process(es):