mails.pes2009.biz (Kolab Worm)

The following Host Name was requested from a host database:
mails.pes2009.biz
There was a registered attempt to establish a connection with the remote host. The connection details are:
Remote Host          Port Number
mails.pes2009.biz    8800

Registry Modifications

The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Taskman = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

so that psysnew.exe runs every time Windows starts
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
psysnew = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

so that psysnew.exe runs every time Windows starts
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = "explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

so that psysnew.exe runs every time Windows starts

Memory Modifications

There were new processes created in the system:
Process Name                  Process Filename                                                        Main Module Size
psysnew.exe                   c:\recycler\s-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe    86.016 bytes
[filename of the sample #1]   [file and pathname of the sample #1]                                    86.016 bytes