Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ravfymon' = '%ProgramFiles%\NetMeeting\ravfymon.exe'
- '<SYSTEM32>\cmd.exe' /c del "<Полный путь к вирусу>"
- %WINDIR%\Explorer.EXE
- Библиотека-обработчик для всех процессов: %ProgramFiles%\NetMeeting\ravfymon.dat
- ClassName: 'AVP.TrafficMonConnectionTerm' WindowName: ''
- ClassName: 'AVP.Product_Notification' WindowName: ''
- ClassName: 'AVP.AlertDialog' WindowName: ''
- %ProgramFiles%\NetMeeting\ravfymon.dat
- %ProgramFiles%\NetMeeting\ravfymon.cfg
- %ProgramFiles%\NetMeeting\ravfymon.exe
- %ProgramFiles%\NetMeeting\ravfymon.dat
- %ProgramFiles%\NetMeeting\ravfymon.cfg
- %ProgramFiles%\NetMeeting\ravfymon.exe
- ClassName: '#32770' WindowName: 'IE ЦґРР±Ј»¤'
- ClassName: '#32770' WindowName: '???????????????????? - IE??????'
- ClassName: '#32770' WindowName: 'ИрРЗїЁїЁЙПНш°ІИ«ЦъКЦ - IE·АВ©ЗЅ'
- ClassName: '#32770' WindowName: '??????????????????'
- ClassName: '#32770' WindowName: 'ИрРЗЧўІб±нјаїШМбКѕ'
- ClassName: '#32770' WindowName: 'IE ????????'