Technical information
- [<HKLM>\SOFTWARE\Classes\IE\shell\open\command] '' = 'CE:„t=яtЪя™нt9яхБ@ю http://www.67ku.com?1130911'
- [<HKLM>\SOFTWARE\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\shell\Open\Command] '' = 'CE:„t=яtЪя™нt9яхБ@ю http://www.laitao.info'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\c[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\c[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\c[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\c[1].php
- from <Full path to virus> to <Current directory>\228.tmp
- 'y.##7q.com':80
- 'localhost':1036
- y.##7q.com/sms/c.php?pa###########
- DNS ASK y.##7q.com
- ClassName: '?? ???????u0&f?=???tu?&?}!?u?f1?????f??f' WindowName: '(null)'
- ClassName: 'u?&?}!?u?f1?????f??f' WindowName: '(null)'