Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Userinit' = '%WINDIR%\usrinit.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}] 'StubPath' = '%WINDIR%\usrinit.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}] 'StubPath' = '<Полный путь к вирусу>'
- %WINDIR%\usrinit.exe
- %WINDIR%\usrinit.exe
- %TEMP%\~DFC11B.tmp
- 'l3####3.sytes.net':4010
- DNS ASK l3####3.sytes.net