Техническая информация
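- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\apppatch\gagkgmk.dat,' (автозапуск через Winlogon: к штатному значению параметра, которое по умолчанию содержит только userinit.exe, добавлен путь %WINDIR%\apppatch\gagkgmk.dat)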
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\winlogon.exe
- magent.exe
- maplestory.exe
- MCAGENT.EXE
- l2.bin
- lin.bin
- lotroclient.exe
- Mir3Game.exe
- msnmsgr.exe
- NAVAPW32.EXE
- netxray.exe
- miranda32.exe
- mpftray.exe
- msn6.exe
- InphaseNXD.exe
- fsavgui.exe
- gc.exe
- ge.exe
- fsav.exe
- fsav32.exe
- fsavaui.exe
- googletalk.exe
- httplook.exe
- ICQ.exe
- iexplore.exe
- GUARD.EXE
- GVOnline.bin
- gw.exe
- windump.exe
- woool.exe
- wow.exe
- TwelveSky2.exe
- WebMoney.exe
- winbaram.exe
- wsm.exe
- zlclient.exe
- ZONEALARM.EXE
- ZZ__cd75efb816b2cc__.exe
- YahooMessenger.exe
- ybclient.exe
- zapro.exe
- trillian.exe
- outpost.exe
- pidgin.exe
- qip.exe
- nod.exe
- nod32.exe
- opera.exe
- Ragexe.exe
- so3d.exe
- spidernt.exe
- sro_client.exe
- RagFree.exe
- skype.exe
- smc.exe
- %WINDIR%\AppPatch\gagkgmk.dat
- из <Полный путь к вирусу> в %TEMP%\DEF5.tmp
- DNS ASK www.microsoft.com
- DNS ASK bl####uiltiness.com
- DNS ASK www.bing.com
- ClassName: 'a` aA`' WindowName: ''