Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>.exe' = 'C:\'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1Hijack This' = '%APPDATA%\Hijack This.exe'
- <Drive name for removable media>:\autorun.inf
- hidden files
- D:\autorun.inf
- %APPDATA%\microsoft\windows\start menu\programsexplorer.exe
- C:\<File name>.exe
- unc\idncwzht\users\j2ebe.exe
- <DRIVERS>\etc\jckly
- %APPDATA%\hijack this.exe
- D:\autorun.inf
- <Drive name for removable media>:\autorun.inf
- %APPDATA%\hijack this.exe
- 'localhost':80
- DNS ASK au######on.whatismyip.com