Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Rspdates Apxplicatioan] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k netsvcs
- %WINDIR%\regedit.exe /s %PROGRAM_FILES%\Internet Explorer\2.reg
- %WINDIR%\YesHooleYous.reg
- %TEMP%\wi161546ntr4fackavst.temp
- %WINDIR%\YesHooleYous.txt
- %PROGRAM_FILES%\Internet Explorer\2.reg
- %WINDIR%\MyInformations.ini
- %WINDIR%\YesHooleYous.reg
- %WINDIR%\MyInformations.ini
- %PROGRAM_FILES%\Internet Explorer\2.reg
- %WINDIR%\YesHooleYous.txt
- из <Полный путь к вирусу> в %WINDIR%\svch0st1.exe
- ClassName: 'RegEdit_RegEdit' WindowName: ''