Technical Information
- Autorun entry (per-user Run key, started at user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lsrss' = '%APPDATA%\lsrss.exe'
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\starter.exe
- '%WINDIR%\csservice.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\Temp21.vbs"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe'
- '<SYSTEM32>\cmd.exe' /C cd %APPDATA%\ &&ren *.zgy *.exe && exit (renames the *.zgy files in %APPDATA% to *.exe)
- '%TEMP%\clrss.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe
- %TEMP%\clrss.exe
- %WINDIR%\csservice.exe
- %APPDATA%\lsrss.zgy
- %TEMP%\Temp21.vbs
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\starter.exe
- %TEMP%\Temp21.vbs
- Renamed from %APPDATA%\lsrss.zgy to %APPDATA%\lsrss.exe (the path the 'lsrss' Run value points to)