Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVFuckstarter' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'avira' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AVFuck' = '%TEMP%\avira.cmd'
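- скрытых файлов (вводная фраза пункта утрачена; судя по падежу, речь, вероятно, о блокировке отображения скрытых файлов)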
- bdagent.exe
- AVP.EXE
- smc.exe
- outpost.exe
- fsav32.exe
- zlclient.exe
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander]
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- %TEMP%\avira.cmd
- %APPDATA%\Stolen CD Keys.txt
- %APPDATA%\Stolen Passwords.txt
- ClassName: 'VMDragDetectWndClAss' WindowName: ''