Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'intelCTdownloder' = '<Full path to the virus>'
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://몽키##.zr.to/plugin/clicks/click.php?mb#################
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://in###ct.zr.to/plugin/clicks/click.php?mb#################
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://sh###down.xe.to
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\intel+CT+3%C2%F7[1].zip
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\click[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\sharedown.xe[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\intel+CT+3%C2%F7[1].zip
- 'in###ct.zr.to':80
- 'localhost':1039
- 'mf####.naver.net':80
- 'localhost':1035
- 'sh###down.xe.to':80
- 'localhost':1037
- mf####.naver.net/0b9e17a4bee7ef331af899aa95720f79d2877d987d/20110722_80_blogfile/wjdghks9286_1311308798686_CGFZ7s_zip/intel+CT+3%C2%F7.zip?ty#############
- in###ct.zr.to/plugin/clicks/click.php?mb#################
- sh###down.xe.to/
- DNS ASK mf####.naver.net
- DNS ASK in###ct.zr.to
- DNS ASK sh###down.xe.to
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''