Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'bootstat' = '<Полный путь к вирусу>'
- %WINDIR%\Help\spider\agt0411.exe
- 'www.ea####ravel.co.za':80
- www.ea####ravel.co.za/components/com_poll/enviador.php
- DNS ASK www.ea####ravel.co.za
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Shell_TrayWnd' WindowName: ''