Technical Information
- %ProgramFiles%\Internet Explorer\iexplore.bk
- %ProgramFiles%\Internet Explorer\iexplore.exe
- '%ProgramFiles%\Internet Explorer\services.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c del %ProgramFiles%\Internet Explorer\IEXPLO~1.TMP
- '%ProgramFiles%\Internet Explorer\services.exe'
- '<SYSTEM32>\cmd.exe' /c del <Full path to file>
- %ProgramFiles%\Internet Explorer\services.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\secureme[1].html
- <SYSTEM32>\dllcache\iexplore.exe.new
- from %ProgramFiles%\Internet Explorer\iexplore.exe to %ProgramFiles%\Internet Explorer\iexplore.exe.tmp
- from %ProgramFiles%\Internet Explorer\IEXPLORE.EXE to %ProgramFiles%\Internet Explorer\iexplore.bk
- '74.##5.232.51':80
- 'localhost':1036
- http://si###.google.com/site/winavsecure/secureme.html via 74.##5.232.51
- DNS ASK si###.google.com