Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKDevice' = '<SYSTEM32>\ieassist.exe'
- <SYSTEM32>\MultiUse\IEXPLORER.EXE
- <SYSTEM32>\ieassist.exe <Полный путь к вирусу>
- <SYSTEM32>\MultiUse\uninstall.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\start[1].php
- <SYSTEM32>\ieassist.exe
- <SYSTEM32>\MultiUse\IEXPLORER.EXE
- 'st###.#earch-php.com':80
- st###.#earch-php.com/nav/start.php?ci####################################
- DNS ASK st###.#earch-php.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '@MultiUseIEeassist@'
- ClassName: '' WindowName: 'TEST'