Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe, %APPDATA%/Microsoft/Internet Explorer/iexplore.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\avp.exe
- [<HKLM>\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- %LOCALAPPDATA%\2blauncher.exe
- %APPDATA%\justflash.exe
- %APPDATA%\temppath\iocontrol.exe
- 'xa##.3dn.ru':21
- DNS ASK xa##.3dn.ru
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"