Техническая информация
Автозапуск (значение в ключе реестра Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '<Полный путь к вирусу>'
Файловая активность:
- '%WINDIR%\empty.exe' 2784
- %WINDIR%\empty.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kuang216523.ys168[1]
Сетевая активность — соединения (хост:порт; часть символов в именах заменена на #):
- 'ku#####6523.ys168.com':80
- 'c5.##168.com':80
- 'wo#####ng.blog.163.com':80
- 'localhost':1036
- 'www.iw##eng.com':80
HTTP-запросы (URL):
- ku#####6523.ys168.com/
- c5.##168.com/C_zxsj.aspx?dl##############
- wo#####ng.blog.163.com/blog/static/219984086201364104225198/
- www.iw##eng.com/ok.txt
- www.iw##eng.com/tc.txt
DNS-запросы:
- DNS ASK ku#####6523.ys168.com
- DNS ASK c5.##168.com
- DNS ASK www.iw##eng.com
- DNS ASK wo#####ng.blog.163.com
Обращения к окнам (ClassName / WindowName):
- ClassName: 'msctls_updown32' WindowName: '(null)'
- ClassName: 'SysHeader32' WindowName: '(null)'
- ClassName: 'SysIPAddress32' WindowName: '(null)'
- ClassName: 'SysDateTimePick32' WindowName: '(null)'
- ClassName: 'ToolbarWindow32' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Edit' WindowName: '(null)'
- ClassName: 'ComboBox' WindowName: '(null)'
- ClassName: 'ENewFrame' WindowName: '(null)'
- ClassName: 'BUTTON' WindowName: '(null)'
- ClassName: 'msctls_trackbar32' WindowName: '(null)'
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: 'SysTreeView32' WindowName: '(null)'
- ClassName: 'msctls_progress32' WindowName: '(null)'
- ClassName: 'ListBox' WindowName: '(null)'