Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows Update' = '%APPDATA%\msupdate.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows Update' = '%APPDATA%\msupdate.exe'
- hidden files
- %APPDATA%\msupdate.exe
- %APPDATA%\msupdate.exe
- DNS ASK ad#.###slideshow.com
- DNS ASK ftp.updates-microsoft.com
- '%APPDATA%\msupdate.exe'