Техническая информация
- Автозапуск при входе пользователя в систему (параметр в ключе Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'urlspace' = '<Полный путь к вирусу> -h'
- %APPDATA%\Spiritsoft\urlspirit\taskcore.exe
- %TEMP%\Temporary Internet Files\Content.IE5\MG0D2UGQ\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\OH6RGL63\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\EJ2XSVQL\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\8NG3O3WX\desktop.ini
- %APPDATA%\Spiritsoft\urlspirit\index.dat
- %APPDATA%\Spiritsoft\urlspirit\product.dat
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %APPDATA%\Spiritsoft\urlspirit\taskcore.exe
- %TEMP%\Temporary Internet Files\Content.IE5\MG0D2UGQ\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\EJ2XSVQL\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\8NG3O3WX\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\OH6RGL63\desktop.ini
- %APPDATA%\Spiritsoft\urlspirit\index.dat
- Соединение с узлом: 'ur#####it.spiritsoft.cn':80
- Запрашиваемый адрес: ur#####it.spiritsoft.cn/update/update.htm?q=####
- DNS ASK ur#####it.spiritsoft.cn
- ClassName: '#32770' WindowName: 'taskcore.exe - ??????'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''