The virus starts by decryipting a part of its code in order to resolve its imports.
When that is done it searches for the process svchost.exe, injects in it and creates the mutex asd..6567fj.
After the virus code has been injected it checks if it runs from C:RecyclerD-1-5-21-1482476501-1644491937-682003330-1013autorun.exe and if doesn’t it copies to that location. It then creates two threads.
For more information, symptoms and removal instructions click here .
Recent shouts