Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UserFaultCheck' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'MTUchk' = '{F3A541F6-8ACB-4BAE-BA6E-8FAAA4335834}'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\vl] 'Name' = '%APPDATA%\Catalyst\CatalystCfg.dll'
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\spoolsv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\money[1].dll
- %APPDATA%\Java\j2deploy.dll
- %WINDIR%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20110714-161114-00.hdmp
- %WINDIR%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20110714-161114-00.mdmp
- %APPDATA%\Catalyst\CatalystCfg.dll
- C:\spoolerlogs\spooler.xml
- %APPDATA%\msierr.log
- из <Полный путь к вирусу> в <Текущая директория>\err.log
- 'ge##cc.net':80
- 'ca###yst.com':80
- ge##cc.net/ib/money.dll
- ca###yst.com/stats/productid.php
- DNS ASK ge##cc.net
- DNS ASK ca###yst.com
- ClassName: '' WindowName: 'Spooler SubSystem App'