Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '<Полный путь к вирусу>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'init' = '01'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\keepnew[1].php
- 'ho#####0.serveftp.com':80
- 'localhost':1035
- ho#####0.serveftp.com/contador/keepnew.php?&l##########################
- DNS ASK ho#####0.serveftp.com
- ClassName: 'Indicator' WindowName: ''