Техническая информация
- %WINDIR%\Tasks\daru.job
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\<Имя вируса>.exe
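- <SYSTEM32>\schtasks.exe /create /RU "SYSTEM" /TN "daru" /TR "<Полный путь к вирусу>" /SC ONSTART (создаёт задание планировщика «daru», которое запускает вредоносный файл от имени учётной записи SYSTEM при каждом старте системы; по-видимому, этому заданию соответствует указанный выше файл %WINDIR%\Tasks\daru.job)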
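- <SYSTEM32>\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 255 (значение 255 — удаление всех данных о работе в Internet Explorer)
- <SYSTEM32>\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 2 (значение 2 — удаление файлов cookie)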
- %APPDATA%\a.png
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\androidlinfo[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a[1].png
- %APPDATA%\<Имя вируса>.exe
- %APPDATA%\1sttime.txt
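- 'an####dgadget.org':80 (здесь и ниже символы «#» — по-видимому, маска, скрывающая часть доменного имени; полные имена на странице не приведены)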
- 'localhost':1037
- 'lo###tube.com':80
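- an####dgadget.org/androidlinfo.html (имя совпадает с указанным выше файлом androidlinfo[1].html в кеше Internet Explorer)
- lo###tube.com/a.png (имя совпадает с указанными выше файлами a[1].png в кеше Internet Explorer и %APPDATA%\a.png)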
- DNS ASK an####dgadget.org
- DNS ASK lo###tube.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''