Техническая информация
- Автозапуск (ключ реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'secure' = '<SYSTEM32>\<Имя вируса>.exe'
- ClassName: 'AOL Frame25' WindowName: ''
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\maintime[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\time[1].php
- <SYSTEM32>\New<Имя вируса>time.xml
- <Текущая директория>\DHInfoFile.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\downloaddll[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\userid2[1].php
- <SYSTEM32>\HookPopup.dll
- <SYSTEM32>\TempName.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\time[1].php
- <Текущая директория>\DHInfoFile.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\userid2[1].php
- <SYSTEM32>\TempName.dll
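Сетевые подключения (хост:порт; символы # в именах хостов, по-видимому, являются маскировкой в источнике, поэтому для точного сопоставления эти значения непригодны):
- 'ad##.#ealhelper.com':80
- 'localhost':1037
- 'ad#.##alhelper.com':80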
Запрашиваемые URL (имена страниц совпадают с файлами [1].php в каталоге Temporary Internet Files):
- ad#.##alhelper.com/dealhelper/data/time.php
- ad##.#ealhelper.com/dealhelper/adserver/xml/maintime.php
- ad#.##alhelper.com/dealhelper/data/userid2.php
- ad#.##alhelper.com/dealhelper/src/downloaddll.php?us#####
DNS-запросы:
- DNS ASK ad##.#ealhelper.com
- DNS ASK ad#.##alhelper.com
- ClassName: 'Shell_TrayWnd' WindowName: ''