Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Winlogon' = '%APPDATA%\Adobe\Flash Player\AssetCache<File name>.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Firefox' = '<Full path to file>'
- hidden files
- System Restore (SR)
- %APPDATA%\adobe\flash player\assetcache<File name>.exe
- C:\checkusb.exe
- D:\checkusb.exe
- <Full path to file>
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'