Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\drko] 'Start' = '00000002'
- <SYSTEM32>\rundll32.exe
- %PROGRAM_FILES%\ymfj\qexb.dll
- %PROGRAM_FILES%\ymfj\nbuy.dll
- %PROGRAM_FILES%\ymfj\eslp.dll
- %PROGRAM_FILES%\ymfj\bpimlex.ini
- %PROGRAM_FILES%\ymfj\ocvz.lex
- %PROGRAM_FILES%\ymfj\cqjn.ini
- %PROGRAM_FILES%\ymfj\xlei.ini
- %PROGRAM_FILES%\ymfj\iwpt.dll
- %PROGRAM_FILES%\ymfj\lzsw.dll
- %PROGRAM_FILES%\ymfj\thae.ini
- <Full path to the virus>
- from <Full path to the virus> to C:\~de1.tmp
- DNS ASK www.bo###nder.cn
- DNS ASK www.bo####der.com.cn
- DNS ASK up####.borlander.cn
- ClassName: '_stdup_in_wnd_' WindowName: '_stdup_in_wnd_'
- ClassName: '_stdd_int_wnd_' WindowName: '_stdd_int_wnd_'
- ClassName: '_std_ad_wnd_' WindowName: '_std_ad_wnd_'
- ClassName: '_stdup_cha_wnd_' WindowName: '_stdup_cha_wnd_'