Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Google_Toobar' = '<SYSTEM32>\Google_Toobar.exe'
- %TEMP%\1.exe
- <Current directory>\<File name>.avi
- <SYSTEM32>\Google_Toobar.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\ocget[1].htm
- <Full path to file>
- 'localhost':1038
- '20#.#6.232.182':80
- http://activex.microsoft.com/objects/ocget.dll via 20#.#6.232.182
- DNS ASK activex.microsoft.com
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'WMP9DeskBand' WindowName: 'WMP9DeskBand'
- '%TEMP%\1.exe' <Full path to file>
- '<SYSTEM32>\Google_Toobar.exe'
- '%ProgramFiles%\Windows Media Player\wmplayer.exe' /prefetch:8 /Open "<Current directory>\<File name>.avi"