Техническая информация
- [<HKLM>\SOFTWARE\Classes\.NewIE\shell\open\command] '' = 'IEXPLORE.EXE http://www.jiuku123.com/'
- Блокирует отображение расширений файлов
- '%WINDIR%\1059\spring.jpg' 1424
- '%WINDIR%\1059\mone.jpg'
- '%WINDIR%\1059\women.jpg' <Полный путь к вирусу>===
- '<SYSTEM32>\rundll32.exe' advpack.dll,DelNodeRunDLL32 %APPDATA%\microsoft\internet explorer\quick launch\windows media player.lnk
- '<SYSTEM32>\rundll32.exe' advpack.dll,DelNodeRunDLL32 %APPDATA%\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk
- '%WINDIR%\regedit.exe' /s "%WINDIR%\1059\jia.reg"
- %WINDIR%\1059\winner.jpg
- %WINDIR%\1059\jia.reg
- %WINDIR%\1059\spring.jpg
- %WINDIR%\1059\women.jpg
- %WINDIR%\1059\mone.jpg
- %WINDIR%\1059\Sunset.jpg
- %HOMEPATH%\Start Menu\Programs\Internet Explorer.NewIE
- %HOMEPATH%\Favorites\.url
- %HOMEPATH%\Desktop\Internet Explorer.NewIE
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.NewIE
- %HOMEPATH%\Start Menu\Internet Explorer.NewIE
- %WINDIR%\1059\13.ico
- %WINDIR%\1059\5.ico
- %WINDIR%\1059\6.ico
- %WINDIR%\1059\4.ico
- %WINDIR%\1059\2.ico
- %WINDIR%\1059\3.ico
- %WINDIR%\1059\7.ico
- %WINDIR%\1059\11.ico
- %WINDIR%\1059\17.ico
- %WINDIR%\1059\10.ico
- %WINDIR%\1059\8.ico
- %WINDIR%\1059\9.ico
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'