Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\GrayPigeon_Hacker.com.cn] 'Start' = '00000002'
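- '%TEMP%\±ЈК±ЅЭ.exe' (имя, по-видимому, представляет собой байты GBK, отображённые в кодировке CP1251; при декодировании как GBK — «保时捷.exe». При поиске на системах с китайской локалью стоит проверять оба варианта написания.)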
- '%WINDIR%\Hacker.com.cn.exe'
- '%TEMP%\.<Имя вируса>.exe'
- '%TEMP%\№ТёзЕЖНв№Т1.4Гв·С°ж.exe' (по-видимому, байты GBK, отображённые как CP1251; при декодировании как GBK — «挂哥牌外挂1.4免费版.exe»)
- '<SYSTEM32>\svchost.exe'
- '%WINDIR%\explorer.exe' "http://www.bt##999.com"
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\№Тёз.exe (по-видимому, байты GBK, отображённые как CP1251; при декодировании как GBK — «挂哥.exe»)
- %WINDIR%\Hacker.com.cn.exe
- <SYSTEM32>\AnMieWg.dll
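- <SYSTEM32>\ИрРЗ·А»рЗЅ(№э·З·ЁДЈїй№жФт).fwr (по-видимому, байты GBK, отображённые как CP1251; при декодировании как GBK — «瑞星防火墙(过非法模块规则).fwr»)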
- %TEMP%\AnMieWg.dll
- %TEMP%\.<Имя вируса>.exe
- %TEMP%\$readtxttemp.txt
- %TEMP%\№ТёзЕЖНв№Т1.4Гв·С°ж.exe
- %TEMP%\$webpath.txt
- %TEMP%\±ЈК±ЅЭ.exe
- %TEMP%\AnMieWg.dll
- <SYSTEM32>\ИрРЗ·А»рЗЅ(№э·З·ЁДЈїй№жФт).fwr
- <SYSTEM32>\AnMieWg.dll
- %WINDIR%\Hacker.com.cn.exe
- <SYSTEM32>\№Тёз.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index-1[1]
- %TEMP%\$webpath.txt
- %TEMP%\$readtxttemp.txt
- 'www.bt##999.com':80
- 'bt####9.3322.org':8000
- 'localhost':1041
- 'localhost':1038
- 'www.30##f.com':80
- www.bt##999.com/
- www.bt##999.com/company/index-1/
- www.30##f.com/flash.swf
- DNS ASK bt####9.3322.org
- DNS ASK www.bt##999.com
- DNS ASK www.30##f.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''