Technical Information
- Handler for all processes: %TEMP%\RarSFX0\inproc.dll
- %TEMP%\RarSFX0\svchost.exe
- %TEMP%\RarSFX0\skin\english\%%#.bmp
- %TEMP%\RarSFX0\skin\english\%%$.bmp
- %TEMP%\RarSFX0\skin\english\skin.ini
- %TEMP%\RarSFX0\skin\english\Thumbs.db
- %TEMP%\RarSFX0\hook.dll
- %TEMP%\RarSFX0\inproc.dll
- %TEMP%\RarSFX0\NTPerf.dll
- %TEMP%\RarSFX0\oem_sp.dat
- %TEMP%\RarSFX0\PSAPI.DLL
- %TEMP%\RarSFX0\speeder.ini
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\user_fairy[1].asp
- %TEMP%\RarSFX0\skin\english\Thumbs.db
- 'vr###thers.com':80
- http://www.vr###thers.com/user_fairy.asp?so###################### via vr###thers.com
- DNS ASK www.vr###thers.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX0\svchost.exe'