Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '"<Полный путь к вирусу>"'
- %PROGRAM_FILES%\FunshionInstall_C104498.exe (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\download[1].php
- %PROGRAM_FILES%\FunshionInstall_C104498.exe
- %PROGRAM_FILES%\FunshionInstall_C104118.exe
- %PROGRAM_FILES%\FunshionInstall_C104118.exe.log
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\download[1].php
- 'pa#####.funshion.com':80
- 'www.fu###ion.com':80
- pa#####.funshion.com/partner/download.php?id###############
- www.fu###ion.com/partner/download.php?id##############
- DNS ASK pa#####.funshion.com
- DNS ASK www.fu###ion.com
- ClassName: 'Indicator' WindowName: ''