Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Managemont WinQ01] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску службы при загрузке системы)
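- <SYSTEM32>\sc.exe create "Windows Managemont WinQ01" binPath= "cmd.exe /c start %WINDIR%\Cursors\<Имя вируса>.exe" start= auto (имя службы приведено в исходном написании, с «Managemont» вместо «Management»; при поиске следует использовать именно его)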
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\2[1].txt
- %WINDIR%\system\system.mp3
- из <Полный путь к вирусу> в %WINDIR%\Cursors\<Имя вируса>.exe
- 'www.tj##.co.cc':80 (символы «##» в имени узла, по-видимому, скрыты в описании и не являются частью реального адреса)
- 'localhost':1035
- www.tj##.co.cc/3.txt
- www.tj##.co.cc/2.txt
- www.tj##.co.cc/1.txt
- DNS-запрос (ASK): www.tj##.co.cc
- ClassName: 'ToolbarWindow32' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''
- ClassName: 'SysPager' WindowName: ''