Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Norton Security' = '<Полный путь к вирусу>'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %WINDIR%\system\EDI.ei
- %WINDIR%\system\winlogoff.ini
- ClassName: 'IEFrame' WindowName: 'Connections Tray'
- <Служебный элемент>
- ClassName: 'IEFrame' WindowName: 'Tiny H-Pot v1.7'
- ClassName: 'IEFrame' WindowName: 'Power Meter'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'IEFrame' WindowName: 'Program Manager'
- ClassName: 'IEFrame' WindowName: 'MS_WebcheckMonitor'
- ClassName: 'IEFrame' WindowName: '<SYSTEM32>\cscript.exe'
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'IEFrame' WindowName: 'TF_FloatingLangBar_WndTitle'
- ClassName: 'IEFrame' WindowName: 'CiceroUIWndFrame'
- ClassName: 'IEFrame' WindowName: '<Имя вируса>'
- ClassName: 'IEFrame' WindowName: '<WINDOWS_KILLER>'
- ClassName: 'IEFrame' WindowName: '<Служебное имя>1 (x32) - build Aug 25 2014'
- ClassName: 'IEFrame' WindowName: '<Служебное имя>'